diff --git a/2006/0xxx/CVE-2006-0235.json b/2006/0xxx/CVE-2006-0235.json index 4606921aa67..b32f2c3cc03 100644 --- a/2006/0xxx/CVE-2006-0235.json +++ b/2006/0xxx/CVE-2006-0235.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060116 White Album Sql İnjection biyosecurity.be", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422105/100/0/threaded" - }, - { - "name" : "http://www.biyosecurity.be/bugs/whitealbum.txt", - "refsource" : "MISC", - "url" : "http://www.biyosecurity.be/bugs/whitealbum.txt" - }, - { - "name" : "16247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16247" - }, - { - "name" : "ADV-2006-0241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0241" - }, - { - "name" : "22520", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22520" - }, - { - "name" : "18460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18460" - }, - { - "name" : "whitealbum-pictures-sql-injection(24271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0241" + }, + { + "name": "22520", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22520" + }, + { + "name": "16247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16247" + }, + { + "name": "18460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18460" + }, + { + "name": "http://www.biyosecurity.be/bugs/whitealbum.txt", + "refsource": "MISC", + "url": "http://www.biyosecurity.be/bugs/whitealbum.txt" + }, + { + "name": "20060116 White Album Sql İnjection biyosecurity.be", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422105/100/0/threaded" + }, + { + "name": "whitealbum-pictures-sql-injection(24271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24271" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3080.json b/2006/3xxx/CVE-2006-3080.json index f65d5e27b5f..3c693269716 100644 --- a/2006/3xxx/CVE-2006-3080.json +++ b/2006/3xxx/CVE-2006-3080.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060616 aXentForum II XSS vuLLn", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437403/100/0/threaded" - }, - { - "name" : "20060622 Re: aXentForum II XSS vuLLn", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438062/100/0/threaded" - }, - { - "name" : "http://pridels0.blogspot.com/2006/06/axentforum-ii-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/axentforum-ii-xss-vuln.html" - }, - { - "name" : "18473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18473" - }, - { - "name" : "ADV-2006-2407", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2407" - }, - { - "name" : "1016320", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016320" - }, - { - "name" : "axentforum-viewposts-xss(27136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/axentforum-ii-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/axentforum-ii-xss-vuln.html" + }, + { + "name": "18473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18473" + }, + { + "name": "20060622 Re: aXentForum II XSS vuLLn", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438062/100/0/threaded" + }, + { + "name": "axentforum-viewposts-xss(27136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27136" + }, + { + "name": "20060616 aXentForum II XSS vuLLn", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437403/100/0/threaded" + }, + { + "name": "1016320", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016320" + }, + { + "name": "ADV-2006-2407", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2407" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3739.json b/2006/3xxx/CVE-2006-3739.json index ac02da94c65..4b2f13cb70c 100644 --- a/2006/3xxx/CVE-2006-3739.json +++ b/2006/3xxx/CVE-2006-3739.json @@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060912 Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412" - }, - { - "name" : "20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445812/100/0/threaded" - }, - { - "name" : "20070330 VMSA-2007-0002 VMware ESX security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464268/100/0/threaded" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-614", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-614" - }, - { - "name" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html" - }, - { - "name" : "DSA-1193", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1193" - }, - { - "name" : "GLSA-200609-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-07.xml" - }, - { - "name" : "MDKSA-2006:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:164" - }, - { - "name" : "RHSA-2006:0665", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0665.html" - }, - { - "name" : "RHSA-2006:0666", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0666.html" - }, - { - "name" : "102714", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1" - }, - { - "name" : "102780", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1" - }, - { - "name" : "SUSE-SR:2006:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html" - }, - { - "name" : "USN-344-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-344-1" - }, - { - "name" : "19974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19974" - }, - { - "name" : "oval:org.mitre.oval:def:10305", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305" - }, - { - "name" : "ADV-2006-3581", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3581" - }, - { - "name" : "ADV-2006-3582", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3582" - }, - { - "name" : "ADV-2007-0322", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0322" - }, - { - "name" : "ADV-2007-1171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1171" - }, - { - "name" : "1016828", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016828" - }, - { - "name" : "21864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21864" - }, - { - "name" : "21889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21889" - }, - { - "name" : "21890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21890" - }, - { - "name" : "21894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21894" - }, - { - "name" : "21900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21900" - }, - { - "name" : "21904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21904" - }, - { - "name" : "21908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21908" - }, - { - "name" : "21924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21924" - }, - { - "name" : "22141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22141" - }, - { - "name" : "22332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22332" - }, - { - "name" : "22560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22560" - }, - { - "name" : "23033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23033" - }, - { - "name" : "22080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22080" - }, - { - "name" : "23899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23899" - }, - { - "name" : "24636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24636" - }, - { - "name" : "xorg-server-cidafm-overflow(28899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2006:0666", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0666.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm" + }, + { + "name": "21900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21900" + }, + { + "name": "MDKSA-2006:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:164" + }, + { + "name": "21904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21904" + }, + { + "name": "SUSE-SR:2006:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" + }, + { + "name": "21864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21864" + }, + { + "name": "21894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21894" + }, + { + "name": "USN-344-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-344-1" + }, + { + "name": "21889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21889" + }, + { + "name": "21908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21908" + }, + { + "name": "102714", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1" + }, + { + "name": "RHSA-2006:0665", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0665.html" + }, + { + "name": "22141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22141" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm" + }, + { + "name": "ADV-2007-1171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1171" + }, + { + "name": "DSA-1193", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1193" + }, + { + "name": "xorg-server-cidafm-overflow(28899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28899" + }, + { + "name": "22080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22080" + }, + { + "name": "https://issues.rpath.com/browse/RPL-614", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-614" + }, + { + "name": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html" + }, + { + "name": "22332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22332" + }, + { + "name": "22560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22560" + }, + { + "name": "20070330 VMSA-2007-0002 VMware ESX security updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464268/100/0/threaded" + }, + { + "name": "23033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23033" + }, + { + "name": "20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445812/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:10305", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305" + }, + { + "name": "GLSA-200609-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-07.xml" + }, + { + "name": "102780", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1" + }, + { + "name": "20060912 Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412" + }, + { + "name": "24636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24636" + }, + { + "name": "ADV-2007-0322", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0322" + }, + { + "name": "21890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21890" + }, + { + "name": "19974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19974" + }, + { + "name": "1016828", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016828" + }, + { + "name": "ADV-2006-3581", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3581" + }, + { + "name": "21924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21924" + }, + { + "name": "ADV-2006-3582", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3582" + }, + { + "name": "23899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23899" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3855.json b/2006/3xxx/CVE-2006-3855.json index e5f7e114752..6d4cb272ad4 100644 --- a/2006/3xxx/CVE-2006-3855.json +++ b/2006/3xxx/CVE-2006-3855.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka \"C code UDR.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 Arbitrary Library Loading in Informix", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443184/100/0/threaded" - }, - { - "name" : "20060814 Informix - Discovery, Attack and Defense", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded" - }, - { - "name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", - "refsource" : "MISC", - "url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" - }, - { - "name" : "19264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19264" - }, - { - "name" : "ADV-2006-3077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3077" - }, - { - "name" : "27689", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27689" - }, - { - "name" : "21301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21301" - }, - { - "name" : "informix-ccodeudr-privilege-escalation(28129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka \"C code UDR.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" + }, + { + "name": "20060814 Informix - Discovery, Attack and Defense", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded" + }, + { + "name": "20060814 Arbitrary Library Loading in Informix", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443184/100/0/threaded" + }, + { + "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", + "refsource": "MISC", + "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" + }, + { + "name": "informix-ccodeudr-privilege-escalation(28129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28129" + }, + { + "name": "21301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21301" + }, + { + "name": "19264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19264" + }, + { + "name": "ADV-2006-3077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3077" + }, + { + "name": "27689", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27689" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4400.json b/2006/4xxx/CVE-2006-4400.json index db3f197fcb7..d51555b6045 100644 --- a/2006/4xxx/CVE-2006-4400.json +++ b/2006/4xxx/CVE-2006-4400.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "VU#835936", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/835936" - }, - { - "name" : "21335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21335" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "30737", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30737" - }, - { - "name" : "1017301", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017301" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "VU#835936", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/835936" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "21335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21335" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "30737", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30737" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + }, + { + "name": "1017301", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017301" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4419.json b/2006/4xxx/CVE-2006-4419.json index 011d4eaa416..9cd1b6daa04 100644 --- a/2006/4xxx/CVE-2006-4419.json +++ b/2006/4xxx/CVE-2006-4419.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2259", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2259" - }, - { - "name" : "19728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19728" - }, - { - "name" : "promanager-note-sql-injection(28592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2259", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2259" + }, + { + "name": "19728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19728" + }, + { + "name": "promanager-note-sql-injection(28592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28592" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4421.json b/2006/4xxx/CVE-2006-4421.json index ef51a1524ee..e909e2ae6ab 100644 --- a/2006/4xxx/CVE-2006-4421.json +++ b/2006/4xxx/CVE-2006-4421.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060825 YaPiG thanks_comment.php Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444328/100/0/threaded" - }, - { - "name" : "http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0001", - "refsource" : "MISC", - "url" : "http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0001" - }, - { - "name" : "19709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19709" - }, - { - "name" : "1463", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060825 YaPiG thanks_comment.php Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444328/100/0/threaded" + }, + { + "name": "19709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19709" + }, + { + "name": "1463", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1463" + }, + { + "name": "http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0001", + "refsource": "MISC", + "url": "http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0001" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4450.json b/2006/4xxx/CVE-2006-4450.json index 824948a1ab0..263003b9930 100644 --- a/2006/4xxx/CVE-2006-4450.json +++ b/2006/4xxx/CVE-2006-4450.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060512 PHPBB 2.0.20 persistent issues with avatars", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html" - }, - { - "name" : "17965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17965" - }, - { - "name" : "20093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20093" - }, - { - "name" : "1470", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1470" - }, - { - "name" : "phpbb-avatar-security-bypass(26537)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1470", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1470" + }, + { + "name": "20060512 PHPBB 2.0.20 persistent issues with avatars", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html" + }, + { + "name": "phpbb-avatar-security-bypass(26537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26537" + }, + { + "name": "17965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17965" + }, + { + "name": "20093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20093" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4867.json b/2006/4xxx/CVE-2006-4867.json index e7103e3a6dd..c0c7aa40e26 100644 --- a/2006/4xxx/CVE-2006-4867.json +++ b/2006/4xxx/CVE-2006-4867.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is \"Forum.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gnuturk.com/mods.php?go=Forums&p=vtop&t_id=138", - "refsource" : "MISC", - "url" : "http://www.gnuturk.com/mods.php?go=Forums&p=vtop&t_id=138" - }, - { - "name" : "2378", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2378" - }, - { - "name" : "20069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20069" - }, - { - "name" : "ADV-2006-3660", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3660" - }, - { - "name" : "21956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is \"Forum.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3660", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3660" + }, + { + "name": "2378", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2378" + }, + { + "name": "21956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21956" + }, + { + "name": "20069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20069" + }, + { + "name": "http://www.gnuturk.com/mods.php?go=Forums&p=vtop&t_id=138", + "refsource": "MISC", + "url": "http://www.gnuturk.com/mods.php?go=Forums&p=vtop&t_id=138" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6558.json b/2006/6xxx/CVE-2006-6558.json index 0f3f3b0b469..99ae3983f2c 100644 --- a/2006/6xxx/CVE-2006-6558.json +++ b/2006/6xxx/CVE-2006-6558.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of \"?A\" sequences in the (1) LIST and possibly (2) NLST command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2926", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2926" - }, - { - "name" : "13848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13848" - }, - { - "name" : "ADV-2006-4994", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4994" - }, - { - "name" : "23365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23365" - }, - { - "name" : "crob-list-dos(30867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of \"?A\" sequences in the (1) LIST and possibly (2) NLST command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13848" + }, + { + "name": "2926", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2926" + }, + { + "name": "ADV-2006-4994", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4994" + }, + { + "name": "crob-list-dos(30867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30867" + }, + { + "name": "23365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23365" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6946.json b/2006/6xxx/CVE-2006-6946.json index 8cea9969e5f..3b51c22d059 100644 --- a/2006/6xxx/CVE-2006-6946.json +++ b/2006/6xxx/CVE-2006-6946.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#63999575", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2363999575/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#63999575", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2363999575/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7113.json b/2006/7xxx/CVE-2006-7113.json index 5f789a1f867..55ddd2fd086 100644 --- a/2006/7xxx/CVE-2006-7113.json +++ b/2006/7xxx/CVE-2006-7113.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21344" - }, - { - "name" : "ADV-2006-4770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4770" - }, - { - "name" : "23103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23103" - }, - { - "name" : "pnews-avatar-file-upload(30579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21344" + }, + { + "name": "pnews-avatar-file-upload(30579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30579" + }, + { + "name": "23103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23103" + }, + { + "name": "ADV-2006-4770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4770" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2023.json b/2010/2xxx/CVE-2010-2023.json index 8b5c9b44b09..f9c010576be 100644 --- a/2010/2xxx/CVE-2010-2023.json +++ b/2010/2xxx/CVE-2010-2023.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100603 Multiple vulnerabilities in Exim", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511653/100/0/threaded" - }, - { - "name" : "20100603 Multiple vulnerabilities in Exim", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html" - }, - { - "name" : "[exim-dev] 20100524 Security issues in exim4 local delivery", - "refsource" : "MLIST", - "url" : "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html" - }, - { - "name" : "http://bugs.exim.org/show_bug.cgi?id=988", - "refsource" : "CONFIRM", - "url" : "http://bugs.exim.org/show_bug.cgi?id=988" - }, - { - "name" : "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2", - "refsource" : "CONFIRM", - "url" : "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2" - }, - { - "name" : "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24&r2=1.25", - "refsource" : "CONFIRM", - "url" : "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24&r2=1.25" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=600093", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=600093" - }, - { - "name" : "FEDORA-2010-9506", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html" - }, - { - "name" : "FEDORA-2010-9524", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "USN-1060-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1060-1" - }, - { - "name" : "40451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40451" - }, - { - "name" : "40019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40019" - }, - { - "name" : "40123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40123" - }, - { - "name" : "43243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43243" - }, - { - "name" : "ADV-2010-1402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1402" - }, - { - "name" : "ADV-2011-0364", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0364" - }, - { - "name" : "exim-mail-directory-priv-escalation(59043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100603 Multiple vulnerabilities in Exim", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html" + }, + { + "name": "40451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40451" + }, + { + "name": "ADV-2010-1402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1402" + }, + { + "name": "ADV-2011-0364", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0364" + }, + { + "name": "43243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43243" + }, + { + "name": "http://bugs.exim.org/show_bug.cgi?id=988", + "refsource": "CONFIRM", + "url": "http://bugs.exim.org/show_bug.cgi?id=988" + }, + { + "name": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24&r2=1.25", + "refsource": "CONFIRM", + "url": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24&r2=1.25" + }, + { + "name": "40019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40019" + }, + { + "name": "[exim-dev] 20100524 Security issues in exim4 local delivery", + "refsource": "MLIST", + "url": "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html" + }, + { + "name": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2", + "refsource": "CONFIRM", + "url": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2" + }, + { + "name": "40123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40123" + }, + { + "name": "20100603 Multiple vulnerabilities in Exim", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511653/100/0/threaded" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=600093", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600093" + }, + { + "name": "FEDORA-2010-9524", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "USN-1060-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1060-1" + }, + { + "name": "exim-mail-directory-priv-escalation(59043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59043" + }, + { + "name": "FEDORA-2010-9506", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2423.json b/2010/2xxx/CVE-2010-2423.json index 4625066d5f7..d4ab50dc038 100644 --- a/2010/2xxx/CVE-2010-2423.json +++ b/2010/2xxx/CVE-2010-2423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2466.json b/2010/2xxx/CVE-2010-2466.json index 6f34a3613b7..451c2d50150 100644 --- a/2010/2xxx/CVE-2010-2466.json +++ b/2010/2xxx/CVE-2010-2466.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blip.tv/file/3414004", - "refsource" : "MISC", - "url" : "http://blip.tv/file/3414004" - }, - { - "name" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html", - "refsource" : "MISC", - "url" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html" - }, - { - "name" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2", - "refsource" : "MISC", - "url" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2" - }, - { - "name" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", - "refsource" : "MISC", - "url" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" - }, - { - "name" : "VU#228737", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/228737" - }, - { - "name" : "netbox-database-backups-info-disclosure(59826)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html", + "refsource": "MISC", + "url": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html" + }, + { + "name": "VU#228737", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/228737" + }, + { + "name": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2", + "refsource": "MISC", + "url": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2" + }, + { + "name": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", + "refsource": "MISC", + "url": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" + }, + { + "name": "http://blip.tv/file/3414004", + "refsource": "MISC", + "url": "http://blip.tv/file/3414004" + }, + { + "name": "netbox-database-backups-info-disclosure(59826)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59826" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2506.json b/2010/2xxx/CVE-2010-2506.json index e9973877535..3391af785db 100644 --- a/2010/2xxx/CVE-2010-2506.json +++ b/2010/2xxx/CVE-2010-2506.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100623 IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511952/100/0/threaded" - }, - { - "name" : "wap54gv3-debug-xss(59699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wap54gv3-debug-xss(59699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59699" + }, + { + "name": "20100623 IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511952/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3386.json b/2010/3xxx/CVE-2010-3386.json index c14c4ea3dcb..8f993c5616f 100644 --- a/2010/3xxx/CVE-2010-3386.json +++ b/2010/3xxx/CVE-2010-3386.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598309", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598309", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598309" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0314.json b/2011/0xxx/CVE-2011-0314.json index 423f811d20b..c3238ca8cb4 100644 --- a/2011/0xxx/CVE-2011-0314.json +++ b/2011/0xxx/CVE-2011-0314.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IZ81294", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ81294" - }, - { - "name" : "45801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45801" - }, - { - "name" : "42941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42941" - }, - { - "name" : "wmq-message-bo(64550)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45801" + }, + { + "name": "wmq-message-bo(64550)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64550" + }, + { + "name": "IZ81294", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ81294" + }, + { + "name": "42941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42941" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0384.json b/2011/0xxx/CVE-2011-0384.json index 3991c06c176..b405ceb56dd 100644 --- a/2011/0xxx/CVE-2011-0384.json +++ b/2011/0xxx/CVE-2011-0384.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml" - }, - { - "name" : "46520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46520" - }, - { - "name" : "1025113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025113" - }, - { - "name" : "cisco-switch-java-unauth-access(65620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46520" + }, + { + "name": "cisco-switch-java-unauth-access(65620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65620" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml" + }, + { + "name": "1025113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025113" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0393.json b/2011/0xxx/CVE-2011-0393.json index 646f067850a..f7b1edfa7c5 100644 --- a/2011/0xxx/CVE-2011-0393.json +++ b/2011/0xxx/CVE-2011-0393.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances 500 series devices, when transparent firewall mode is configured but IPv6 is not configured, allow remote attackers to cause a denial of service (packet buffer exhaustion and device outage) via IPv6 traffic, aka Bug ID CSCtj04707." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml" - }, - { - "name" : "1025108", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025108" - }, - { - "name" : "43488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43488" - }, - { - "name" : "ADV-2011-0493", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0493" - }, - { - "name" : "asa-packet-buffer-dos(65589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances 500 series devices, when transparent firewall mode is configured but IPv6 is not configured, allow remote attackers to cause a denial of service (packet buffer exhaustion and device outage) via IPv6 traffic, aka Bug ID CSCtj04707." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml" + }, + { + "name": "1025108", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025108" + }, + { + "name": "43488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43488" + }, + { + "name": "ADV-2011-0493", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0493" + }, + { + "name": "asa-packet-buffer-dos(65589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65589" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0410.json b/2011/0xxx/CVE-2011-0410.json index ae8112d7420..f8da70c5343 100644 --- a/2011/0xxx/CVE-2011-0410.json +++ b/2011/0xxx/CVE-2011-0410.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-0410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#547167", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/547167" - }, - { - "name" : "70601", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70601" - }, - { - "name" : "70602", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70602" - }, - { - "name" : "43010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43010" - }, - { - "name" : "scrumworks-base64-info-disclosure(64883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70601", + "refsource": "OSVDB", + "url": "http://osvdb.org/70601" + }, + { + "name": "VU#547167", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/547167" + }, + { + "name": "70602", + "refsource": "OSVDB", + "url": "http://osvdb.org/70602" + }, + { + "name": "43010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43010" + }, + { + "name": "scrumworks-base64-info-disclosure(64883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64883" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1341.json b/2011/1xxx/CVE-2011-1341.json index 1c3e3b19e7d..9a72b84f232 100644 --- a/2011/1xxx/CVE-2011-1341.json +++ b/2011/1xxx/CVE-2011-1341.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before 4.0.4.0, and Aipo for ASP before 4.0.4.0, allows remote attackers to hijack the authentication of administrators for requests that modify data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN72854072/91216/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN72854072/91216/index.html" - }, - { - "name" : "JVN#72854072", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN72854072/index.html" - }, - { - "name" : "JVNDB-2011-000062", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before 4.0.4.0, and Aipo for ASP before 4.0.4.0, allows remote attackers to hijack the authentication of administrators for requests that modify data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN72854072/91216/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN72854072/91216/index.html" + }, + { + "name": "JVNDB-2011-000062", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000062" + }, + { + "name": "JVN#72854072", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN72854072/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1445.json b/2011/1xxx/CVE-2011-1445.json index 6a16a6c6638..90ac1f955cc 100644 --- a/2011/1xxx/CVE-2011-1445.json +++ b/2011/1xxx/CVE-2011-1445.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=76646", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=76646" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14557", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14557" - }, - { - "name" : "chrome-svg-code-exec(67152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=76646", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=76646" + }, + { + "name": "chrome-svg-code-exec(67152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67152" + }, + { + "name": "oval:org.mitre.oval:def:14557", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14557" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1914.json b/2011/1xxx/CVE-2011-1914.json index c670e9f8fc8..8a1d8185817 100644 --- a/2011/1xxx/CVE-2011-1914.json +++ b/2011/1xxx/CVE-2011-1914.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-1914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4407.json b/2011/4xxx/CVE-2011-4407.json index 3ef74bb946b..8b53ff45682 100644 --- a/2011/4xxx/CVE-2011-4407.json +++ b/2011/4xxx/CVE-2011-4407.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-4407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210" - }, - { - "name" : "USN-1352-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1352-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1352-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1352-1" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5272.json b/2011/5xxx/CVE-2011-5272.json index bece4f2b0bc..278db4b6c29 100644 --- a/2011/5xxx/CVE-2011-5272.json +++ b/2011/5xxx/CVE-2011-5272.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/13/1" - }, - { - "name" : "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/24/10" - }, - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498" - }, - { - "name" : "DSA-2365", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1" + }, + { + "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498" + }, + { + "name": "DSA-2365", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2365" + }, + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2119.json b/2014/2xxx/CVE-2014-2119.json index 564fec6e93d..dc2c69c4644 100644 --- a/2014/2xxx/CVE-2014-2119.json +++ b/2014/2xxx/CVE-2014-2119.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140319 Cisco AsyncOS Software Code Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140319 Cisco AsyncOS Software Code Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3138.json b/2014/3xxx/CVE-2014-3138.json index 083b87f9494..d1a37c6e740 100644 --- a/2014/3xxx/CVE-2014-3138.json +++ b/2014/3xxx/CVE-2014-3138.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32886", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32886" - }, - { - "name" : "20140415 Xerox DocuShare authenticated SQL injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/205" - }, - { - "name" : "http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf", - "refsource" : "MISC", - "url" : "http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf" - }, - { - "name" : "66922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66922" - }, - { - "name" : "105972", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/105972" - }, - { - "name" : "57996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57996" - }, - { - "name" : "xerox-docushare-sql-injection(92548)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf", + "refsource": "MISC", + "url": "http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf" + }, + { + "name": "32886", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32886" + }, + { + "name": "105972", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/105972" + }, + { + "name": "57996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57996" + }, + { + "name": "http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html" + }, + { + "name": "66922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66922" + }, + { + "name": "xerox-docushare-sql-injection(92548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92548" + }, + { + "name": "20140415 Xerox DocuShare authenticated SQL injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/205" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3510.json b/2014/3xxx/CVE-2014-3510.json index 390380def31..eeaf6b3d71d 100644 --- a/2014/3xxx/CVE-2014-3510.json +++ b/2014/3xxx/CVE-2014-3510.json @@ -1,337 +1,337 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", - "refsource" : "MLIST", - "url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" - }, - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049" - }, - { - "name" : "https://www.openssl.org/news/secadv_20140806.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20140806.txt" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1053.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1053.html" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" - }, - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127503", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127503" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1052.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1052.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" - }, - { - "name" : "DSA-2998", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2998" - }, - { - "name" : "FEDORA-2014-9301", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" - }, - { - "name" : "FEDORA-2014-9308", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" - }, - { - "name" : "FreeBSD-SA-14:18", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc" - }, - { - "name" : "GLSA-201412-39", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml" - }, - { - "name" : "HPSBOV03099", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141077370928502&w=2" - }, - { - "name" : "HPSBUX03095", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2" - }, - { - "name" : "SSRT101674", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2" - }, - { - "name" : "HPSBHF03293", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "SSRT101846", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "MDVSA-2014:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158" - }, - { - "name" : "NetBSD-SA2014-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" - }, - { - "name" : "RHSA-2014:1256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1256.html" - }, - { - "name" : "RHSA-2014:1297", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1297.html" - }, - { - "name" : "openSUSE-SU-2014:1052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" - }, - { - "name" : "openSUSE-SU-2016:0640", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" - }, - { - "name" : "69082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69082" - }, - { - "name" : "1030693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030693" - }, - { - "name" : "59221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59221" - }, - { - "name" : "60687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60687" - }, - { - "name" : "60824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60824" - }, - { - "name" : "60917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60917" - }, - { - "name" : "60921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60921" - }, - { - "name" : "60938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60938" - }, - { - "name" : "61775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61775" - }, - { - "name" : "61959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61959" - }, - { - "name" : "59756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59756" - }, - { - "name" : "60803", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60803" - }, - { - "name" : "61017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61017" - }, - { - "name" : "61045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61045" - }, - { - "name" : "61100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61100" - }, - { - "name" : "61250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61250" - }, - { - "name" : "61184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61184" - }, - { - "name" : "59743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59743" - }, - { - "name" : "60778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60778" - }, - { - "name" : "58962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58962" - }, - { - "name" : "59700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59700" - }, - { - "name" : "59710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59710" - }, - { - "name" : "60022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60022" - }, - { - "name" : "60684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60684" - }, - { - "name" : "60221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60221" - }, - { - "name" : "60493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60493" - }, - { - "name" : "openssl-cve20143510-dos(95164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1297", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html" + }, + { + "name": "openSUSE-SU-2014:1052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html" + }, + { + "name": "60221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60221" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" + }, + { + "name": "60778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60778" + }, + { + "name": "61184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61184" + }, + { + "name": "SSRT101846", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "RHSA-2014:1256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html" + }, + { + "name": "60022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60022" + }, + { + "name": "https://www.openssl.org/news/secadv_20140806.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20140806.txt" + }, + { + "name": "61017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61017" + }, + { + "name": "61250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61250" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" + }, + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" + }, + { + "name": "openssl-cve20143510-dos(95164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95164" + }, + { + "name": "GLSA-201412-39", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" + }, + { + "name": "HPSBHF03293", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "61045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61045" + }, + { + "name": "60803", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60803" + }, + { + "name": "60824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60824" + }, + { + "name": "HPSBUX03095", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2" + }, + { + "name": "59700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59700" + }, + { + "name": "FEDORA-2014-9308", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" + }, + { + "name": "1030693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030693" + }, + { + "name": "59743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59743" + }, + { + "name": "openSUSE-SU-2016:0640", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" + }, + { + "name": "60917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60917" + }, + { + "name": "NetBSD-SA2014-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" + }, + { + "name": "60493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60493" + }, + { + "name": "59710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59710" + }, + { + "name": "60921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60921" + }, + { + "name": "HPSBOV03099", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141077370928502&w=2" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html" + }, + { + "name": "59221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59221" + }, + { + "name": "69082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69082" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" + }, + { + "name": "61100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61100" + }, + { + "name": "FreeBSD-SA-14:18", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc" + }, + { + "name": "61775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61775" + }, + { + "name": "DSA-2998", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2998" + }, + { + "name": "FEDORA-2014-9301", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" + }, + { + "name": "SSRT101674", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2" + }, + { + "name": "61959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61959" + }, + { + "name": "59756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59756" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" + }, + { + "name": "58962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58962" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html" + }, + { + "name": "60938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60938" + }, + { + "name": "60684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60684" + }, + { + "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", + "refsource": "MLIST", + "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" + }, + { + "name": "60687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60687" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127503", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127503" + }, + { + "name": "MDVSA-2014:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3824.json b/2014/3xxx/CVE-2014-3824.json index 7d07d5e2f43..94be891033a 100644 --- a/2014/3xxx/CVE-2014-3824.json +++ b/2014/3xxx/CVE-2014-3824.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646" - }, - { - "name" : "69804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69804" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3958.json b/2014/3xxx/CVE-2014-3958.json index f4751b4b8d2..59a5c5990b1 100644 --- a/2014/3xxx/CVE-2014-3958.json +++ b/2014/3xxx/CVE-2014-3958.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3958", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3958", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6275.json b/2014/6xxx/CVE-2014-6275.json index d71926af2b7..7b8e3b000dc 100644 --- a/2014/6xxx/CVE-2014-6275.json +++ b/2014/6xxx/CVE-2014-6275.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6397.json b/2014/6xxx/CVE-2014-6397.json index 028dcabf2ff..706dc0c6f66 100644 --- a/2014/6xxx/CVE-2014-6397.json +++ b/2014/6xxx/CVE-2014-6397.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6397", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6397", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6681.json b/2014/6xxx/CVE-2014-6681.json index 1a711fd3958..d7a99efb28b 100644 --- a/2014/6xxx/CVE-2014-6681.json +++ b/2014/6xxx/CVE-2014-6681.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#447505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/447505" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#447505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/447505" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7563.json b/2014/7xxx/CVE-2014-7563.json index 3382efc13b0..629ebbf39af 100644 --- a/2014/7xxx/CVE-2014-7563.json +++ b/2014/7xxx/CVE-2014-7563.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application 1.9.23.276 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#358537", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/358537" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application 1.9.23.276 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#358537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/358537" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7643.json b/2014/7xxx/CVE-2014-7643.json index 9570c0a9542..c2a1ffe1f35 100644 --- a/2014/7xxx/CVE-2014-7643.json +++ b/2014/7xxx/CVE-2014-7643.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The C.R. Group (aka com.c.r.group) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#450497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/450497" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The C.R. Group (aka com.c.r.group) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#450497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/450497" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7818.json b/2014/7xxx/CVE-2014-7818.json index 1eee5c08b41..403f8014425 100644 --- a/2014/7xxx/CVE-2014-7818.json +++ b/2014/7xxx/CVE-2014-7818.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rubyonrails-security] 20141030 Arbitrary file existence disclosure in Action Pack (CVE-2014-7818)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ" - }, - { - "name" : "https://puppet.com/security/cve/cve-2014-7829", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2014-7829" - }, - { - "name" : "openSUSE-SU-2014:1515", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/cve-2014-7829", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2014-7829" + }, + { + "name": "openSUSE-SU-2014:1515", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" + }, + { + "name": "[rubyonrails-security] 20141030 Arbitrary file existence disclosure in Action Pack (CVE-2014-7818)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7869.json b/2014/7xxx/CVE-2014-7869.json index ba781d9eeca..4c6f82af425 100644 --- a/2014/7xxx/CVE-2014-7869.json +++ b/2014/7xxx/CVE-2014-7869.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"administer contexts\" permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2254853", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2254853" - }, - { - "name" : "https://www.drupal.org/node/2253103", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2253103" - }, - { - "name" : "67173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67173" - }, - { - "name" : "58307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"administer contexts\" permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2253103", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2253103" + }, + { + "name": "https://www.drupal.org/node/2254853", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2254853" + }, + { + "name": "67173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67173" + }, + { + "name": "58307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58307" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7960.json b/2014/7xxx/CVE-2014-7960.json index 9d3a4b5d77f..48e95940c52 100644 --- a/2014/7xxx/CVE-2014-7960.json +++ b/2014/7xxx/CVE-2014-7960.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141007 CVE request for vulnerability in OpenStack Swift", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/07/39" - }, - { - "name" : "[oss-security] 20141008 Re: CVE request for vulnerability in OpenStack Swift", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/08/7" - }, - { - "name" : "https://bugs.launchpad.net/swift/+bug/1365350", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/swift/+bug/1365350" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "RHSA-2015:0835", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0835.html" - }, - { - "name" : "RHSA-2015:0836", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0836.html" - }, - { - "name" : "RHSA-2015:1495", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1495.html" - }, - { - "name" : "SUSE-SU-2015:1846", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" - }, - { - "name" : "USN-2704-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2704-1" - }, - { - "name" : "70279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70279" - }, - { - "name" : "openstack-swift-cve20147960-sec-bypass(96901)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1846", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" + }, + { + "name": "[oss-security] 20141008 Re: CVE request for vulnerability in OpenStack Swift", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/08/7" + }, + { + "name": "https://bugs.launchpad.net/swift/+bug/1365350", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/swift/+bug/1365350" + }, + { + "name": "RHSA-2015:1495", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html" + }, + { + "name": "RHSA-2015:0835", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0835.html" + }, + { + "name": "openstack-swift-cve20147960-sec-bypass(96901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901" + }, + { + "name": "[oss-security] 20141007 CVE request for vulnerability in OpenStack Swift", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/07/39" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "USN-2704-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2704-1" + }, + { + "name": "70279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70279" + }, + { + "name": "RHSA-2015:0836", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0836.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8521.json b/2014/8xxx/CVE-2014-8521.json index f3d08ad099e..8077c32fc89 100644 --- a/2014/8xxx/CVE-2014-8521.json +++ b/2014/8xxx/CVE-2014-8521.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2299.json b/2016/2xxx/CVE-2016-2299.json index bccbe8d55e1..e6146bded27 100644 --- a/2016/2xxx/CVE-2016-2299.json +++ b/2016/2xxx/CVE-2016-2299.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-236", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-236" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-237", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-237" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-238", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-238" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-239", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-239" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-240", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-236", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-236" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-238", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-238" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-237", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-237" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-239", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-239" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-240", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-240" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2395.json b/2016/2xxx/CVE-2016-2395.json index 8da6360b2e3..b2080aaeac4 100644 --- a/2016/2xxx/CVE-2016-2395.json +++ b/2016/2xxx/CVE-2016-2395.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18195.json b/2017/18xxx/CVE-2017-18195.json index 35a5d4fcb0b..af838036a7e 100644 --- a/2017/18xxx/CVE-2017-18195.json +++ b/2017/18xxx/CVE-2017-18195.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44194", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44194/" - }, - { - "name" : "https://github.com/concrete5/concrete5/pull/6008/files", - "refsource" : "MISC", - "url" : "https://github.com/concrete5/concrete5/pull/6008/files" - }, - { - "name" : "https://github.com/concrete5/concrete5/releases/tag/8.3.0", - "refsource" : "MISC", - "url" : "https://github.com/concrete5/concrete5/releases/tag/8.3.0" - }, - { - "name" : "https://github.com/r3naissance/NSE/blob/master/http-vuln-cve2017-18195.nse", - "refsource" : "MISC", - "url" : "https://github.com/r3naissance/NSE/blob/master/http-vuln-cve2017-18195.nse" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/r3naissance/NSE/blob/master/http-vuln-cve2017-18195.nse", + "refsource": "MISC", + "url": "https://github.com/r3naissance/NSE/blob/master/http-vuln-cve2017-18195.nse" + }, + { + "name": "https://github.com/concrete5/concrete5/pull/6008/files", + "refsource": "MISC", + "url": "https://github.com/concrete5/concrete5/pull/6008/files" + }, + { + "name": "44194", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44194/" + }, + { + "name": "https://github.com/concrete5/concrete5/releases/tag/8.3.0", + "refsource": "MISC", + "url": "https://github.com/concrete5/concrete5/releases/tag/8.3.0" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1467.json b/2017/1xxx/CVE-2017-1467.json index 1c2c9a786cc..d9840461083 100644 --- a/2017/1xxx/CVE-2017-1467.json +++ b/2017/1xxx/CVE-2017-1467.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-31T00:00:00", - "ID" : "CVE-2017-1467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "9.1" - }, - { - "version_value" : "11.3" - }, - { - "version_value" : "11.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-31T00:00:00", + "ID": "CVE-2017-1467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "9.1" + }, + { + "version_value": "11.3" + }, + { + "version_value": "11.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128466", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128466" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006063", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006063" - }, - { - "name" : "100103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128466", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128466" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006063", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006063" + }, + { + "name": "100103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100103" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5178.json b/2017/5xxx/CVE-2017-5178.json index 110b672b60e..4bbf2c5d499 100644 --- a/2017/5xxx/CVE-2017-5178.json +++ b/2017/5xxx/CVE-2017-5178.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Schneider Electric Wonderware Intelligence 2014R3 and prior", - "version" : { - "version_data" : [ - { - "version_value" : "Schneider Electric Wonderware Intelligence 2014R3 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "default system account" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Schneider Electric Wonderware Intelligence 2014R3 and prior", + "version": { + "version_data": [ + { + "version_value": "Schneider Electric Wonderware Intelligence 2014R3 and prior" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-066-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-066-01" - }, - { - "name" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000119/", - "refsource" : "CONFIRM", - "url" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000119/" - }, - { - "name" : "96721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "default system account" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-066-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-066-01" + }, + { + "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000119/", + "refsource": "CONFIRM", + "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000119/" + }, + { + "name": "96721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96721" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5723.json b/2017/5xxx/CVE-2017-5723.json index 057fd36a869..8c97f38f003 100644 --- a/2017/5xxx/CVE-2017-5723.json +++ b/2017/5xxx/CVE-2017-5723.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5723", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5723", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5883.json b/2017/5xxx/CVE-2017-5883.json index 80c2f49d224..d58d2b904d3 100644 --- a/2017/5xxx/CVE-2017-5883.json +++ b/2017/5xxx/CVE-2017-5883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5917.json b/2017/5xxx/CVE-2017-5917.json index f051cee7c73..1ff29e87d4c 100644 --- a/2017/5xxx/CVE-2017-5917.json +++ b/2017/5xxx/CVE-2017-5917.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5917", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-3213. Reason: This candidate is a reservation duplicate of CVE-2017-3213. Notes: All CVE users should reference CVE-2017-3213 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5917", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-3213. Reason: This candidate is a reservation duplicate of CVE-2017-3213. Notes: All CVE users should reference CVE-2017-3213 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file