From d81b33a66184fc7a51e34051e4915ab46f4d1f76 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:30:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2201.json | 200 ++++++++++---------- 2006/2xxx/CVE-2006-2284.json | 190 +++++++++---------- 2006/2xxx/CVE-2006-2564.json | 170 ++++++++--------- 2006/3xxx/CVE-2006-3231.json | 200 ++++++++++---------- 2006/3xxx/CVE-2006-3251.json | 200 ++++++++++---------- 2006/3xxx/CVE-2006-3283.json | 140 +++++++------- 2006/3xxx/CVE-2006-3419.json | 150 +++++++-------- 2006/3xxx/CVE-2006-3536.json | 140 +++++++------- 2006/3xxx/CVE-2006-3584.json | 160 ++++++++-------- 2006/3xxx/CVE-2006-3844.json | 170 ++++++++--------- 2006/3xxx/CVE-2006-3867.json | 190 +++++++++---------- 2006/4xxx/CVE-2006-4040.json | 170 ++++++++--------- 2006/4xxx/CVE-2006-4435.json | 180 +++++++++--------- 2006/4xxx/CVE-2006-4574.json | 330 ++++++++++++++++----------------- 2006/4xxx/CVE-2006-4894.json | 150 +++++++-------- 2006/6xxx/CVE-2006-6343.json | 170 ++++++++--------- 2006/6xxx/CVE-2006-6405.json | 140 +++++++------- 2006/6xxx/CVE-2006-6460.json | 130 ++++++------- 2006/6xxx/CVE-2006-6478.json | 170 ++++++++--------- 2006/6xxx/CVE-2006-6496.json | 220 +++++++++++----------- 2006/6xxx/CVE-2006-6561.json | 230 +++++++++++------------ 2006/6xxx/CVE-2006-6735.json | 150 +++++++-------- 2006/6xxx/CVE-2006-6743.json | 150 +++++++-------- 2006/7xxx/CVE-2006-7012.json | 160 ++++++++-------- 2006/7xxx/CVE-2006-7132.json | 130 ++++++------- 2010/2xxx/CVE-2010-2149.json | 160 ++++++++-------- 2010/2xxx/CVE-2010-2709.json | 190 +++++++++---------- 2010/2xxx/CVE-2010-2979.json | 120 ++++++------ 2011/0xxx/CVE-2011-0038.json | 200 ++++++++++---------- 2011/0xxx/CVE-2011-0303.json | 34 ++-- 2011/0xxx/CVE-2011-0415.json | 34 ++-- 2011/0xxx/CVE-2011-0549.json | 170 ++++++++--------- 2011/0xxx/CVE-2011-0703.json | 34 ++-- 2011/0xxx/CVE-2011-0799.json | 120 ++++++------ 2011/0xxx/CVE-2011-0981.json | 260 +++++++++++++------------- 2011/1xxx/CVE-2011-1036.json | 220 +++++++++++----------- 2011/1xxx/CVE-2011-1095.json | 320 ++++++++++++++++---------------- 2011/1xxx/CVE-2011-1158.json | 220 +++++++++++----------- 2011/1xxx/CVE-2011-1218.json | 160 ++++++++-------- 2011/1xxx/CVE-2011-1712.json | 160 ++++++++-------- 2011/1xxx/CVE-2011-1814.json | 180 +++++++++--------- 2011/1xxx/CVE-2011-1862.json | 180 +++++++++--------- 2011/1xxx/CVE-2011-1940.json | 150 +++++++-------- 2011/3xxx/CVE-2011-3272.json | 140 +++++++------- 2011/4xxx/CVE-2011-4002.json | 130 ++++++------- 2011/4xxx/CVE-2011-4051.json | 140 +++++++------- 2011/4xxx/CVE-2011-4062.json | 200 ++++++++++---------- 2011/4xxx/CVE-2011-4287.json | 140 +++++++------- 2011/4xxx/CVE-2011-4305.json | 140 +++++++------- 2011/4xxx/CVE-2011-4475.json | 34 ++-- 2011/4xxx/CVE-2011-4922.json | 150 +++++++-------- 2011/5xxx/CVE-2011-5013.json | 34 ++-- 2011/5xxx/CVE-2011-5113.json | 130 ++++++------- 2013/5xxx/CVE-2013-5032.json | 130 ++++++------- 2014/2xxx/CVE-2014-2004.json | 140 +++++++------- 2014/2xxx/CVE-2014-2018.json | 180 +++++++++--------- 2014/2xxx/CVE-2014-2261.json | 34 ++-- 2014/2xxx/CVE-2014-2436.json | 190 +++++++++---------- 2014/2xxx/CVE-2014-2526.json | 180 +++++++++--------- 2014/2xxx/CVE-2014-2572.json | 140 +++++++------- 2014/2xxx/CVE-2014-2684.json | 170 ++++++++--------- 2014/3xxx/CVE-2014-3012.json | 140 +++++++------- 2014/3xxx/CVE-2014-3064.json | 140 +++++++------- 2014/3xxx/CVE-2014-3672.json | 170 ++++++++--------- 2014/6xxx/CVE-2014-6189.json | 130 ++++++------- 2014/6xxx/CVE-2014-6524.json | 130 ++++++------- 2014/6xxx/CVE-2014-6580.json | 120 ++++++------ 2014/6xxx/CVE-2014-6626.json | 130 ++++++------- 2014/6xxx/CVE-2014-6788.json | 140 +++++++------- 2014/6xxx/CVE-2014-6879.json | 140 +++++++------- 2014/6xxx/CVE-2014-6895.json | 140 +++++++------- 2014/7xxx/CVE-2014-7236.json | 34 ++-- 2014/7xxx/CVE-2014-7295.json | 170 ++++++++--------- 2014/7xxx/CVE-2014-7498.json | 140 +++++++------- 2014/7xxx/CVE-2014-7664.json | 140 +++++++------- 2014/7xxx/CVE-2014-7803.json | 140 +++++++------- 2014/7xxx/CVE-2014-7840.json | 170 ++++++++--------- 2014/7xxx/CVE-2014-7863.json | 34 ++-- 2017/0xxx/CVE-2017-0028.json | 122 ++++++------ 2017/0xxx/CVE-2017-0084.json | 150 +++++++-------- 2017/0xxx/CVE-2017-0145.json | 190 +++++++++---------- 2017/0xxx/CVE-2017-0208.json | 140 +++++++------- 2017/0xxx/CVE-2017-0230.json | 130 ++++++------- 2017/0xxx/CVE-2017-0453.json | 150 +++++++-------- 2017/18xxx/CVE-2017-18102.json | 142 +++++++------- 2017/18xxx/CVE-2017-18200.json | 130 ++++++------- 2017/18xxx/CVE-2017-18301.json | 140 +++++++------- 2017/1xxx/CVE-2017-1200.json | 178 +++++++++--------- 2017/1xxx/CVE-2017-1268.json | 188 +++++++++---------- 2017/1xxx/CVE-2017-1346.json | 140 +++++++------- 2017/1xxx/CVE-2017-1496.json | 168 ++++++++--------- 2017/1xxx/CVE-2017-1831.json | 34 ++-- 2017/1xxx/CVE-2017-1948.json | 34 ++-- 2017/5xxx/CVE-2017-5070.json | 170 ++++++++--------- 2017/5xxx/CVE-2017-5124.json | 200 ++++++++++---------- 2017/5xxx/CVE-2017-5131.json | 170 ++++++++--------- 2017/5xxx/CVE-2017-5350.json | 130 ++++++------- 2017/5xxx/CVE-2017-5447.json | 284 ++++++++++++++-------------- 2017/5xxx/CVE-2017-5726.json | 34 ++-- 2017/5xxx/CVE-2017-5913.json | 120 ++++++------ 100 files changed, 7528 insertions(+), 7528 deletions(-) diff --git a/2006/2xxx/CVE-2006-2201.json b/2006/2xxx/CVE-2006-2201.json index 1930106b058..d05f8a3b9fd 100644 --- a/2006/2xxx/CVE-2006-2201.json +++ b/2006/2xxx/CVE-2006-2201.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain \"problem state program\" that uses SVC to gain access to supervisor state, key 0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433246/100/0/threaded" - }, - { - "name" : "http://supportconnectw.ca.com/public/ca_common_docs/cairimsecurity-notice.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/ca_common_docs/cairimsecurity-notice.asp" - }, - { - "name" : "http://supportconnectw.ca.com/public/ca_common_docs/cairim-affprods.asp", - "refsource" : "MISC", - "url" : "http://supportconnectw.ca.com/public/ca_common_docs/cairim-affprods.asp" - }, - { - "name" : "17840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17840" - }, - { - "name" : "ADV-2006-1656", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1656" - }, - { - "name" : "25234", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25234" - }, - { - "name" : "1016028", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016028" - }, - { - "name" : "19953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19953" - }, - { - "name" : "cairim-lmp-privilege-escalation(26234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain \"problem state program\" that uses SVC to gain access to supervisor state, key 0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1656", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1656" + }, + { + "name": "25234", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25234" + }, + { + "name": "1016028", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016028" + }, + { + "name": "http://supportconnectw.ca.com/public/ca_common_docs/cairimsecurity-notice.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/ca_common_docs/cairimsecurity-notice.asp" + }, + { + "name": "20060508 CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433246/100/0/threaded" + }, + { + "name": "17840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17840" + }, + { + "name": "cairim-lmp-privilege-escalation(26234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26234" + }, + { + "name": "19953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19953" + }, + { + "name": "http://supportconnectw.ca.com/public/ca_common_docs/cairim-affprods.asp", + "refsource": "MISC", + "url": "http://supportconnectw.ca.com/public/ca_common_docs/cairim-affprods.asp" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2284.json b/2006/2xxx/CVE-2006-2284.json index feff180005c..fd169d97735 100644 --- a/2006/2xxx/CVE-2006-2284.json +++ b/2006/2xxx/CVE-2006-2284.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 Claroline Open Source e-Learning 1.7.5 Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433249/100/0/threaded" - }, - { - "name" : "1766", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1766" - }, - { - "name" : "17873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17873" - }, - { - "name" : "ADV-2006-1701", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1701" - }, - { - "name" : "25316", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25316" - }, - { - "name" : "20003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20003" - }, - { - "name" : "875", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/875" - }, - { - "name" : "claroline-ldapinc-casprocessinc-file-include(26280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "875", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/875" + }, + { + "name": "25316", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25316" + }, + { + "name": "ADV-2006-1701", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1701" + }, + { + "name": "claroline-ldapinc-casprocessinc-file-include(26280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26280" + }, + { + "name": "1766", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1766" + }, + { + "name": "17873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17873" + }, + { + "name": "20003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20003" + }, + { + "name": "20060508 Claroline Open Source e-Learning 1.7.5 Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433249/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2564.json b/2006/2xxx/CVE-2006-2564.json index d149dac815c..999bf7e2d51 100644 --- a/2006/2xxx/CVE-2006-2564.json +++ b/2006/2xxx/CVE-2006-2564.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060522 AlstraSoft E-Friends - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434846/100/0/threaded" - }, - { - "name" : "18079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18079" - }, - { - "name" : "ADV-2006-1944", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1944" - }, - { - "name" : "20229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20229" - }, - { - "name" : "954", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/954" - }, - { - "name" : "alstrasoft-efriends-index-xss(26650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1944", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1944" + }, + { + "name": "20060522 AlstraSoft E-Friends - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434846/100/0/threaded" + }, + { + "name": "alstrasoft-efriends-index-xss(26650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26650" + }, + { + "name": "18079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18079" + }, + { + "name": "20229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20229" + }, + { + "name": "954", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/954" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3231.json b/2006/3xxx/CVE-2006-3231.json index 1b64659eaac..d63681c8aa2 100644 --- a/2006/3xxx/CVE-2006-3231.json +++ b/2006/3xxx/CVE-2006-3231.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via \"URIs with special characters.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541" - }, - { - "name" : "PK22928", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876" - }, - { - "name" : "18578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18578" - }, - { - "name" : "22991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22991" - }, - { - "name" : "ADV-2006-2482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2482" - }, - { - "name" : "ADV-2007-0970", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0970" - }, - { - "name" : "20732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20732" - }, - { - "name" : "24478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via \"URIs with special characters.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20732" + }, + { + "name": "PK22928", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876" + }, + { + "name": "ADV-2007-0970", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0970" + }, + { + "name": "24478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24478" + }, + { + "name": "ADV-2006-2482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2482" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541" + }, + { + "name": "18578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18578" + }, + { + "name": "22991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22991" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3251.json b/2006/3xxx/CVE-2006-3251.json index 0cf73fdfd01..4aeb394985c 100644 --- a/2006/3xxx/CVE-2006-3251.json +++ b/2006/3xxx/CVE-2006-3251.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hashcash.org/source/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://www.hashcash.org/source/CHANGELOG" - }, - { - "name" : "DSA-1114", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1114" - }, - { - "name" : "GLSA-200606-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-25.xml" - }, - { - "name" : "18659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18659" - }, - { - "name" : "ADV-2006-2551", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2551" - }, - { - "name" : "20800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20800" - }, - { - "name" : "20846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20846" - }, - { - "name" : "21146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21146" - }, - { - "name" : "hashcash-arraypush-bo(27422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2551", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2551" + }, + { + "name": "hashcash-arraypush-bo(27422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27422" + }, + { + "name": "20800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20800" + }, + { + "name": "21146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21146" + }, + { + "name": "GLSA-200606-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-25.xml" + }, + { + "name": "DSA-1114", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1114" + }, + { + "name": "20846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20846" + }, + { + "name": "http://www.hashcash.org/source/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://www.hashcash.org/source/CHANGELOG" + }, + { + "name": "18659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18659" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3283.json b/2006/3xxx/CVE-2006-3283.json index ad09d37be36..e646921b4ad 100644 --- a/2006/3xxx/CVE-2006-3283.json +++ b/2006/3xxx/CVE-2006-3283.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060622 Dating Agent PRO 4.7.1 Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438160/100/100/threaded" - }, - { - "name" : "1164", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1164" - }, - { - "name" : "datingagent-multiple-scripts-sql-injection(27342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "datingagent-multiple-scripts-sql-injection(27342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27342" + }, + { + "name": "1164", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1164" + }, + { + "name": "20060622 Dating Agent PRO 4.7.1 Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438160/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3419.json b/2006/3xxx/CVE-2006-3419.json index 11167f060d1..55f74e7e7e5 100644 --- a/2006/3xxx/CVE-2006-3419.json +++ b/2006/3xxx/CVE-2006-3419.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tor.eff.org/cvs/tor/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://tor.eff.org/cvs/tor/ChangeLog" - }, - { - "name" : "GLSA-200606-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml" - }, - { - "name" : "25880", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25880" - }, - { - "name" : "20514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25880", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25880" + }, + { + "name": "20514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20514" + }, + { + "name": "GLSA-200606-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200606-04.xml" + }, + { + "name": "http://tor.eff.org/cvs/tor/ChangeLog", + "refsource": "CONFIRM", + "url": "http://tor.eff.org/cvs/tor/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3536.json b/2006/3xxx/CVE-2006-3536.json index b74fa131629..e449b378ce5 100644 --- a/2006/3xxx/CVE-2006-3536.json +++ b/2006/3xxx/CVE-2006-3536.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18935" - }, - { - "name" : "ADV-2006-2736", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2736" - }, - { - "name" : "topo-index-command-execution(27659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "topo-index-command-execution(27659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27659" + }, + { + "name": "ADV-2006-2736", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2736" + }, + { + "name": "18935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18935" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3584.json b/2006/3xxx/CVE-2006-3584.json index 9a23fb2a908..f4c8425910e 100644 --- a/2006/3xxx/CVE-2006-3584.json +++ b/2006/3xxx/CVE-2006-3584.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-3584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060802 Secunia Research: Jetbox Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441980/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-57/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-57/advisory/" - }, - { - "name" : "19303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19303" - }, - { - "name" : "20889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20889" - }, - { - "name" : "1339", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19303" + }, + { + "name": "20060802 Secunia Research: Jetbox Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441980/100/0/threaded" + }, + { + "name": "1339", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1339" + }, + { + "name": "http://secunia.com/secunia_research/2006-57/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-57/advisory/" + }, + { + "name": "20889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20889" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3844.json b/2006/3xxx/CVE-2006-3844.json index 45a61849069..f59cf06c7b8 100644 --- a/2006/3xxx/CVE-2006-3844.json +++ b/2006/3xxx/CVE-2006-3844.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/exploits/5WP0C2AJ5W.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/5WP0C2AJ5W.html" - }, - { - "name" : "19067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19067" - }, - { - "name" : "ADV-2006-2875", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2875" - }, - { - "name" : "27400", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27400" - }, - { - "name" : "21127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21127" - }, - { - "name" : "quickneasy-list-command-bo(27839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2875", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2875" + }, + { + "name": "http://www.securiteam.com/exploits/5WP0C2AJ5W.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5WP0C2AJ5W.html" + }, + { + "name": "21127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21127" + }, + { + "name": "quickneasy-list-command-bo(27839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27839" + }, + { + "name": "27400", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27400" + }, + { + "name": "19067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19067" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3867.json b/2006/3xxx/CVE-2006-3867.json index a4504a37b03..18b856508e9 100644 --- a/2006/3xxx/CVE-2006-3867.json +++ b/2006/3xxx/CVE-2006-3867.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02161", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "SSRT061264", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "MS06-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059" - }, - { - "name" : "VU#821772", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/821772" - }, - { - "name" : "20345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20345" - }, - { - "name" : "ADV-2006-3978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3978" - }, - { - "name" : "oval:org.mitre.oval:def:481", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A481" - }, - { - "name" : "1017031", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20345" + }, + { + "name": "SSRT061264", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "MS06-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059" + }, + { + "name": "1017031", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017031" + }, + { + "name": "HPSBST02161", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "ADV-2006-3978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3978" + }, + { + "name": "oval:org.mitre.oval:def:481", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A481" + }, + { + "name": "VU#821772", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/821772" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4040.json b/2006/4xxx/CVE-2006-4040.json index 36f302328bb..2376c09ef26 100644 --- a/2006/4xxx/CVE-2006-4040.json +++ b/2006/4xxx/CVE-2006-4040.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2093", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2093" - }, - { - "name" : "19246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19246" - }, - { - "name" : "ADV-2006-1384", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1384" - }, - { - "name" : "24725", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24725" - }, - { - "name" : "19680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19680" - }, - { - "name" : "myevent-myevent-file-include(28347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24725", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24725" + }, + { + "name": "19680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19680" + }, + { + "name": "2093", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2093" + }, + { + "name": "19246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19246" + }, + { + "name": "myevent-myevent-file-include(28347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28347" + }, + { + "name": "ADV-2006-1384", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1384" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4435.json b/2006/4xxx/CVE-2006-4435.json index 54056acd34e..6111498b300 100644 --- a/2006/4xxx/CVE-2006-4435.json +++ b/2006/4xxx/CVE-2006-4435.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[3.8] 20060825 012: SECURITY FIX: August 25, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata38.html#sem" - }, - { - "name" : "[3.9] 20060825 007: SECURITY FIX: August 25, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#sem" - }, - { - "name" : "19713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19713" - }, - { - "name" : "28195", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28195" - }, - { - "name" : "1016756", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016756" - }, - { - "name" : "21642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21642" - }, - { - "name" : "openbsd-semaphores-dos(28617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28195", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28195" + }, + { + "name": "1016756", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016756" + }, + { + "name": "21642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21642" + }, + { + "name": "19713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19713" + }, + { + "name": "[3.9] 20060825 007: SECURITY FIX: August 25, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#sem" + }, + { + "name": "[3.8] 20060825 012: SECURITY FIX: August 25, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata38.html#sem" + }, + { + "name": "openbsd-semaphores-dos(28617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28617" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4574.json b/2006/4xxx/CVE-2006-4574.json index a4ac19673e2..2f05196df4f 100644 --- a/2006/4xxx/CVE-2006-4574.json +++ b/2006/4xxx/CVE-2006-4574.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061101 rPSA-2006-0202-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450307/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-746", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-746" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm" - }, - { - "name" : "DSA-1201", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1201" - }, - { - "name" : "MDKSA-2006:195", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195" - }, - { - "name" : "RHSA-2006:0726", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0726.html" - }, - { - "name" : "20061101-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" - }, - { - "name" : "SUSE-SA:2006:065", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html" - }, - { - "name" : "20762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20762" - }, - { - "name" : "oval:org.mitre.oval:def:9740", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9740" - }, - { - "name" : "ADV-2006-4220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4220" - }, - { - "name" : "1017129", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017129" - }, - { - "name" : "22590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22590" - }, - { - "name" : "22692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22692" - }, - { - "name" : "22659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22659" - }, - { - "name" : "22672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22672" - }, - { - "name" : "22797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22797" - }, - { - "name" : "22841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22841" - }, - { - "name" : "22929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22929" - }, - { - "name" : "23096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23096" - }, - { - "name" : "wireshark-mime-dos(29844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wireshark-mime-dos(29844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29844" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm" + }, + { + "name": "oval:org.mitre.oval:def:9740", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9740" + }, + { + "name": "23096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23096" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2006-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2006-03.html" + }, + { + "name": "DSA-1201", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1201" + }, + { + "name": "https://issues.rpath.com/browse/RPL-746", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-746" + }, + { + "name": "22590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22590" + }, + { + "name": "20061101-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" + }, + { + "name": "ADV-2006-4220", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4220" + }, + { + "name": "22841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22841" + }, + { + "name": "20762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20762" + }, + { + "name": "SUSE-SA:2006:065", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html" + }, + { + "name": "RHSA-2006:0726", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0726.html" + }, + { + "name": "22929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22929" + }, + { + "name": "20061101 rPSA-2006-0202-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450307/100/0/threaded" + }, + { + "name": "22659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22659" + }, + { + "name": "22692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22692" + }, + { + "name": "MDKSA-2006:195", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195" + }, + { + "name": "1017129", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017129" + }, + { + "name": "22672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22672" + }, + { + "name": "22797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22797" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4894.json b/2006/4xxx/CVE-2006-4894.json index 0ebe364f860..c0b7c69788a 100644 --- a/2006/4xxx/CVE-2006-4894.json +++ b/2006/4xxx/CVE-2006-4894.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060916 NixieAffiliate all version bypass admin and xss", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446306/100/0/threaded" - }, - { - "name" : "20084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20084" - }, - { - "name" : "22063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22063" - }, - { - "name" : "1616", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22063" + }, + { + "name": "20084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20084" + }, + { + "name": "20060916 NixieAffiliate all version bypass admin and xss", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446306/100/0/threaded" + }, + { + "name": "1616", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1616" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6343.json b/2006/6xxx/CVE-2006-6343.json index 1982f93f4a7..2866e80ce51 100644 --- a/2006/6xxx/CVE-2006-6343.json +++ b/2006/6xxx/CVE-2006-6343.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061130 Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453125/100/0/threaded" - }, - { - "name" : "21366", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21366" - }, - { - "name" : "ADV-2006-4805", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4805" - }, - { - "name" : "23180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23180" - }, - { - "name" : "1974", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1974" - }, - { - "name" : "seditio-polls-sql-injection(30640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23180" + }, + { + "name": "21366", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21366" + }, + { + "name": "20061130 Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453125/100/0/threaded" + }, + { + "name": "ADV-2006-4805", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4805" + }, + { + "name": "1974", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1974" + }, + { + "name": "seditio-polls-sql-injection(30640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30640" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6405.json b/2006/6xxx/CVE-2006-6405.json index d98f29d5f93..319a03260d4 100644 --- a/2006/6xxx/CVE-2006-6405.json +++ b/2006/6xxx/CVE-2006-6405.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453654/100/0/threaded" - }, - { - "name" : "http://www.quantenblog.net/security/virus-scanner-bypass", - "refsource" : "MISC", - "url" : "http://www.quantenblog.net/security/virus-scanner-bypass" - }, - { - "name" : "21461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21461" + }, + { + "name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded" + }, + { + "name": "http://www.quantenblog.net/security/virus-scanner-bypass", + "refsource": "MISC", + "url": "http://www.quantenblog.net/security/virus-scanner-bypass" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6460.json b/2006/6xxx/CVE-2006-6460.json index fdf1c019ebd..eb7929d9ae5 100644 --- a/2006/6xxx/CVE-2006-6460.json +++ b/2006/6xxx/CVE-2006-6460.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060518 Yourfreeworld.com Short Url & Url Tracker Script", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0384.html" - }, - { - "name" : "yourfreeworld-shorturl-login-path-disclosure(26573)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060518 Yourfreeworld.com Short Url & Url Tracker Script", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0384.html" + }, + { + "name": "yourfreeworld-shorturl-login-path-disclosure(26573)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26573" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6478.json b/2006/6xxx/CVE-2006-6478.json index b5ccdfb451d..c6d391ac13b 100644 --- a/2006/6xxx/CVE-2006-6478.json +++ b/2006/6xxx/CVE-2006-6478.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061209 AnnonceScriptHP V2.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453966/100/0/threaded" - }, - { - "name" : "21514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21514" - }, - { - "name" : "ADV-2006-4940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4940" - }, - { - "name" : "23318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23318" - }, - { - "name" : "2019", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2019" - }, - { - "name" : "annoncescripthp-multiple-sql-injection(30803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061209 AnnonceScriptHP V2.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453966/100/0/threaded" + }, + { + "name": "21514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21514" + }, + { + "name": "annoncescripthp-multiple-sql-injection(30803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30803" + }, + { + "name": "23318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23318" + }, + { + "name": "ADV-2006-4940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4940" + }, + { + "name": "2019", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2019" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6496.json b/2006/6xxx/CVE-2006-6496.json index 9da0a2ddc84..ee118c170dc 100644 --- a/2006/6xxx/CVE-2006-6496.json +++ b/2006/6xxx/CVE-2006-6496.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system crash) via certain IOCTLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061214 [CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454420/100/0/threaded" - }, - { - "name" : "http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=41", - "refsource" : "MISC", - "url" : "http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=41" - }, - { - "name" : "http://crm.my-etrust.com/CIDocument.asp?KDId=2651&GUID=9FD7E4F8362C4A168D88B4FFA34DCB4C", - "refsource" : "CONFIRM", - "url" : "http://crm.my-etrust.com/CIDocument.asp?KDId=2651&GUID=9FD7E4F8362C4A168D88B4FFA34DCB4C" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34870", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34870" - }, - { - "name" : "21593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21593" - }, - { - "name" : "ADV-2006-5010", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5010" - }, - { - "name" : "30845", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30845" - }, - { - "name" : "1017381", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017381" - }, - { - "name" : "1017382", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017382" - }, - { - "name" : "23378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23378" - }, - { - "name" : "ca-vetmonnt-vetfddnt-dos(30909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system crash) via certain IOCTLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34870", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34870" + }, + { + "name": "http://crm.my-etrust.com/CIDocument.asp?KDId=2651&GUID=9FD7E4F8362C4A168D88B4FFA34DCB4C", + "refsource": "CONFIRM", + "url": "http://crm.my-etrust.com/CIDocument.asp?KDId=2651&GUID=9FD7E4F8362C4A168D88B4FFA34DCB4C" + }, + { + "name": "20061214 [CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454420/100/0/threaded" + }, + { + "name": "http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=41", + "refsource": "MISC", + "url": "http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=41" + }, + { + "name": "30845", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30845" + }, + { + "name": "21593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21593" + }, + { + "name": "1017382", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017382" + }, + { + "name": "ca-vetmonnt-vetfddnt-dos(30909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30909" + }, + { + "name": "23378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23378" + }, + { + "name": "ADV-2006-5010", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5010" + }, + { + "name": "1017381", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017381" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6561.json b/2006/6xxx/CVE-2006-6561.json index f92cb177472..c3be436707c 100644 --- a/2006/6xxx/CVE-2006-6561.json +++ b/2006/6xxx/CVE-2006-6561.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061212 Re: Re: The newest Word flaw is due to malformed data structure handling", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454219/30/0/threaded" - }, - { - "name" : "http://blogs.securiteam.com/?p=763", - "refsource" : "MISC", - "url" : "http://blogs.securiteam.com/?p=763" - }, - { - "name" : "http://research.eeye.com/html/alerts/zeroday/20061212.html", - "refsource" : "MISC", - "url" : "http://research.eeye.com/html/alerts/zeroday/20061212.html" - }, - { - "name" : "http://www.infoworld.com/article/06/12/13/HNthirdword_1.html", - "refsource" : "MISC", - "url" : "http://www.infoworld.com/article/06/12/13/HNthirdword_1.html" - }, - { - "name" : "http://www.milw0rm.com/sploits/12122006-djtest.doc", - "refsource" : "MISC", - "url" : "http://www.milw0rm.com/sploits/12122006-djtest.doc" - }, - { - "name" : "http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx" - }, - { - "name" : "VU#996892", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/996892" - }, - { - "name" : "21589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21589" - }, - { - "name" : "ADV-2006-4997", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4997" - }, - { - "name" : "oval:org.mitre.oval:def:332", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A332" - }, - { - "name" : "1017390", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017390" - }, - { - "name" : "word-pointer-code-execution(30885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21589" + }, + { + "name": "http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx" + }, + { + "name": "1017390", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017390" + }, + { + "name": "http://www.infoworld.com/article/06/12/13/HNthirdword_1.html", + "refsource": "MISC", + "url": "http://www.infoworld.com/article/06/12/13/HNthirdword_1.html" + }, + { + "name": "http://www.milw0rm.com/sploits/12122006-djtest.doc", + "refsource": "MISC", + "url": "http://www.milw0rm.com/sploits/12122006-djtest.doc" + }, + { + "name": "20061212 Re: Re: The newest Word flaw is due to malformed data structure handling", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454219/30/0/threaded" + }, + { + "name": "http://research.eeye.com/html/alerts/zeroday/20061212.html", + "refsource": "MISC", + "url": "http://research.eeye.com/html/alerts/zeroday/20061212.html" + }, + { + "name": "VU#996892", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/996892" + }, + { + "name": "ADV-2006-4997", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4997" + }, + { + "name": "http://blogs.securiteam.com/?p=763", + "refsource": "MISC", + "url": "http://blogs.securiteam.com/?p=763" + }, + { + "name": "word-pointer-code-execution(30885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30885" + }, + { + "name": "oval:org.mitre.oval:def:332", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A332" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6735.json b/2006/6xxx/CVE-2006-6735.json index da2db76cb92..5ae0258c3a9 100644 --- a/2006/6xxx/CVE-2006-6735.json +++ b/2006/6xxx/CVE-2006-6735.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061219 Multiple Bugs in MINI WEB SHOP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454864/100/0/threaded" - }, - { - "name" : "20061226 MINI WEB SHOP vuln report - incomplete researcher diagnosis", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-December/001197.html" - }, - { - "name" : "21677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21677" - }, - { - "name" : "2072", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2072", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2072" + }, + { + "name": "21677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21677" + }, + { + "name": "20061226 MINI WEB SHOP vuln report - incomplete researcher diagnosis", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-December/001197.html" + }, + { + "name": "20061219 Multiple Bugs in MINI WEB SHOP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454864/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6743.json b/2006/6xxx/CVE-2006-6743.json index e3552a106d8..49687ee0033 100644 --- a/2006/6xxx/CVE-2006-6743.json +++ b/2006/6xxx/CVE-2006-6743.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310" - }, - { - "name" : "ADV-2006-4446", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4446" - }, - { - "name" : "22728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22728" - }, - { - "name" : "phpprofiles-permissions-info-disclosure(30171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpprofiles-permissions-info-disclosure(30171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30171" + }, + { + "name": "22728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22728" + }, + { + "name": "ADV-2006-4446", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4446" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7012.json b/2006/7xxx/CVE-2006-7012.json index d5bd08c0772..33dd7b3e59c 100644 --- a/2006/7xxx/CVE-2006-7012.json +++ b/2006/7xxx/CVE-2006-7012.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060603 [ECHO_ADV_32$2006] SCart 2.0 Remote Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435861/30/4710/threaded" - }, - { - "name" : "1876", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1876" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv32-K-159-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv32-K-159-2006.txt" - }, - { - "name" : "2257", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2257" - }, - { - "name" : "scart-cgi-command-execution(26921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060603 [ECHO_ADV_32$2006] SCart 2.0 Remote Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435861/30/4710/threaded" + }, + { + "name": "1876", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1876" + }, + { + "name": "http://advisories.echo.or.id/adv/adv32-K-159-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv32-K-159-2006.txt" + }, + { + "name": "2257", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2257" + }, + { + "name": "scart-cgi-command-execution(26921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26921" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7132.json b/2006/7xxx/CVE-2006-7132.json index 8e08493c58f..2efc3ef43bb 100644 --- a/2006/7xxx/CVE-2006-7132.json +++ b/2006/7xxx/CVE-2006-7132.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2664", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2664" - }, - { - "name" : "phpmydesk-viewticket-file-include(29872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmydesk-viewticket-file-include(29872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29872" + }, + { + "name": "2664", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2664" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2149.json b/2010/2xxx/CVE-2010-2149.json index a956f3ba894..63e9914c66c 100644 --- a/2010/2xxx/CVE-2010-2149.json +++ b/2010/2xxx/CVE-2010-2149.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html", - "refsource" : "CONFIRM", - "url" : "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html" - }, - { - "name" : "JVN#36925871", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN36925871/index.html" - }, - { - "name" : "JVNDB-2010-000023", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000023.html" - }, - { - "name" : "40513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40513" - }, - { - "name" : "40029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40513" + }, + { + "name": "JVN#36925871", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN36925871/index.html" + }, + { + "name": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html", + "refsource": "CONFIRM", + "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html" + }, + { + "name": "JVNDB-2010-000023", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000023.html" + }, + { + "name": "40029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40029" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2709.json b/2010/2xxx/CVE-2010-2709.json index 05fbe2b6a01..23036138c23 100644 --- a/2010/2xxx/CVE-2010-2709.json +++ b/2010/2xxx/CVE-2010-2709.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-2709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14547", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14547" - }, - { - "name" : "http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow" - }, - { - "name" : "HPSBMA02563", - "refsource" : "HP", - "url" : "http://seclists.org/bugtraq/2010/Aug/21" - }, - { - "name" : "SSRT100165", - "refsource" : "HP", - "url" : "http://seclists.org/bugtraq/2010/Aug/21" - }, - { - "name" : "42154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42154" - }, - { - "name" : "1024274", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024274" - }, - { - "name" : "8150", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8150" - }, - { - "name" : "hp-ovnnm-ovjavalocale-bo(60880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-ovnnm-ovjavalocale-bo(60880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60880" + }, + { + "name": "14547", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14547" + }, + { + "name": "8150", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8150" + }, + { + "name": "1024274", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024274" + }, + { + "name": "SSRT100165", + "refsource": "HP", + "url": "http://seclists.org/bugtraq/2010/Aug/21" + }, + { + "name": "42154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42154" + }, + { + "name": "http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow" + }, + { + "name": "HPSBMA02563", + "refsource": "HP", + "url": "http://seclists.org/bugtraq/2010/Aug/21" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2979.json b/2010/2xxx/CVE-2010-2979.json index ef2cf60bd0c..93d3439cbb5 100644 --- a/2010/2xxx/CVE-2010-2979.json +++ b/2010/2xxx/CVE-2010-2979.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0038.json b/2011/0xxx/CVE-2011-0038.json index 07f59788681..3067741c622 100644 --- a/2011/0xxx/CVE-2011-0038.json +++ b/2011/0xxx/CVE-2011-0038.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka \"Internet Explorer Insecure Library Loading Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortiguard.com/advisory/FGA-2011-04.html", - "refsource" : "MISC", - "url" : "http://www.fortiguard.com/advisory/FGA-2011-04.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100127294", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100127294" - }, - { - "name" : "MS11-003", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003" - }, - { - "name" : "46159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46159" - }, - { - "name" : "70833", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70833" - }, - { - "name" : "oval:org.mitre.oval:def:12270", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12270" - }, - { - "name" : "1025038", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025038" - }, - { - "name" : "ADV-2011-0318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0318" - }, - { - "name" : "ms-ie-dll-code-execution(64913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka \"Internet Explorer Insecure Library Loading Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70833", + "refsource": "OSVDB", + "url": "http://osvdb.org/70833" + }, + { + "name": "46159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46159" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100127294", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100127294" + }, + { + "name": "ADV-2011-0318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0318" + }, + { + "name": "ms-ie-dll-code-execution(64913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64913" + }, + { + "name": "oval:org.mitre.oval:def:12270", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12270" + }, + { + "name": "MS11-003", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003" + }, + { + "name": "http://www.fortiguard.com/advisory/FGA-2011-04.html", + "refsource": "MISC", + "url": "http://www.fortiguard.com/advisory/FGA-2011-04.html" + }, + { + "name": "1025038", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025038" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0303.json b/2011/0xxx/CVE-2011-0303.json index 1c942cfb976..a08ddbe4510 100644 --- a/2011/0xxx/CVE-2011-0303.json +++ b/2011/0xxx/CVE-2011-0303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0303", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0303", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0415.json b/2011/0xxx/CVE-2011-0415.json index 8402d2d7170..583519d76a7 100644 --- a/2011/0xxx/CVE-2011-0415.json +++ b/2011/0xxx/CVE-2011-0415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0415", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0415", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0549.json b/2011/0xxx/CVE-2011-0549.json index f6da5c2d35b..bab6957cda7 100644 --- a/2011/0xxx/CVE-2011-0549.json +++ b/2011/0xxx/CVE-2011-0549.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-233/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-233/" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00" - }, - { - "name" : "48318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48318" - }, - { - "name" : "1025753", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025753" - }, - { - "name" : "45146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45146" - }, - { - "name" : "symantec-web-gui-sql-injection(68428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45146" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-233/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-233/" + }, + { + "name": "1025753", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025753" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00" + }, + { + "name": "48318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48318" + }, + { + "name": "symantec-web-gui-sql-injection(68428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68428" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0703.json b/2011/0xxx/CVE-2011-0703.json index 03a4890f644..9a694dd9fc1 100644 --- a/2011/0xxx/CVE-2011-0703.json +++ b/2011/0xxx/CVE-2011-0703.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0703", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0703", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0799.json b/2011/0xxx/CVE-2011-0799.json index b1e0f239508..96f8db6b135 100644 --- a/2011/0xxx/CVE-2011-0799.json +++ b/2011/0xxx/CVE-2011-0799.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB), 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Warehouse Builder User Account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB), 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Warehouse Builder User Account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0981.json b/2011/0xxx/CVE-2011-0981.json index 139b1ee2b32..755a1cf7b41 100644 --- a/2011/0xxx/CVE-2011-0981.json +++ b/2011/0xxx/CVE-2011-0981.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=67234", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=67234" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html" - }, - { - "name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2190", - "refsource" : "CONFIRM", - "url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2190" - }, - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "DSA-2166", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2166" - }, - { - "name" : "46262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46262" - }, - { - "name" : "oval:org.mitre.oval:def:14320", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14320" - }, - { - "name" : "43342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43342" - }, - { - "name" : "43368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43368" - }, - { - "name" : "ADV-2011-0408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43368" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html" + }, + { + "name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2190", + "refsource": "CONFIRM", + "url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2190" + }, + { + "name": "43342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43342" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "DSA-2166", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2166" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "ADV-2011-0408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0408" + }, + { + "name": "46262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46262" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=67234", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=67234" + }, + { + "name": "oval:org.mitre.oval:def:14320", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14320" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1036.json b/2011/1xxx/CVE-2011-1036.json index ac939b21226..6cce40a4e5b 100644 --- a/2011/1xxx/CVE-2011-1036.json +++ b/2011/1xxx/CVE-2011-1036.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516649/100/0/threaded" - }, - { - "name" : "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516687/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-093", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-093" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}" - }, - { - "name" : "46539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46539" - }, - { - "name" : "1025120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025120" - }, - { - "name" : "43377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43377" - }, - { - "name" : "43490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43490" - }, - { - "name" : "8106", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8106" - }, - { - "name" : "ADV-2011-0496", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0496" - }, - { - "name" : "ca-products-activex-file-overwrite(65632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0496", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0496" + }, + { + "name": "43490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43490" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093" + }, + { + "name": "43377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43377" + }, + { + "name": "46539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46539" + }, + { + "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded" + }, + { + "name": "8106", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8106" + }, + { + "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded" + }, + { + "name": "1025120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025120" + }, + { + "name": "ca-products-activex-file-overwrite(65632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1095.json b/2011/1xxx/CVE-2011-1095.json index ecff5c71994..3f9596a0ccb 100644 --- a/2011/1xxx/CVE-2011-1095.json +++ b/2011/1xxx/CVE-2011-1095.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[oss-security] 20110308 Re: glibc locale escaping issue", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/22" - }, - { - "name" : "[oss-security] 20110308 Re: glibc locale escaping issue", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/21" - }, - { - "name" : "[oss-security] 20110308 glibc locale escaping issue", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/8" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=330923", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=330923" - }, - { - "name" : "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904", - "refsource" : "CONFIRM", - "url" : "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904" - }, - { - "name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11904", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11904" - }, - { - "name" : "http://sourceware.org/git/?p=glibc.git;a=patch;h=026373745eab50a683536d950cb7e17dc98c4259", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/git/?p=glibc.git;a=patch;h=026373745eab50a683536d950cb7e17dc98c4259" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=625893", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=625893" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "GLSA-201011-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201011-01.xml" - }, - { - "name" : "MDVSA-2011:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" - }, - { - "name" : "RHSA-2011:0412", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0412.html" - }, - { - "name" : "RHSA-2011:0413", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0413.html" - }, - { - "name" : "oval:org.mitre.oval:def:12272", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272" - }, - { - "name" : "1025286", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025286" - }, - { - "name" : "43830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43830" - }, - { - "name" : "43976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43976" - }, - { - "name" : "43989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43989" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "ADV-2011-0863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201011-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "http://sourceware.org/git/?p=glibc.git;a=patch;h=026373745eab50a683536d950cb7e17dc98c4259", + "refsource": "CONFIRM", + "url": "http://sourceware.org/git/?p=glibc.git;a=patch;h=026373745eab50a683536d950cb7e17dc98c4259" + }, + { + "name": "RHSA-2011:0412", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=625893", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893" + }, + { + "name": "ADV-2011-0863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0863" + }, + { + "name": "43989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43989" + }, + { + "name": "[oss-security] 20110308 glibc locale escaping issue", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/8" + }, + { + "name": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904", + "refsource": "CONFIRM", + "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904" + }, + { + "name": "MDVSA-2011:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" + }, + { + "name": "43830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43830" + }, + { + "name": "RHSA-2011:0413", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=330923", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=330923" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "oval:org.mitre.oval:def:12272", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272" + }, + { + "name": "43976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43976" + }, + { + "name": "[oss-security] 20110308 Re: glibc locale escaping issue", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/21" + }, + { + "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904", + "refsource": "CONFIRM", + "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904" + }, + { + "name": "[oss-security] 20110308 Re: glibc locale escaping issue", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/22" + }, + { + "name": "1025286", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025286" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1158.json b/2011/1xxx/CVE-2011-1158.json index c98466bf984..88e6f1cca3c 100644 --- a/2011/1xxx/CVE-2011-1158.json +++ b/2011/1xxx/CVE-2011-1158.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update", - "refsource" : "MLIST", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html" - }, - { - "name" : "[oss-security] 20110314 CVE request for python-feedparser", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/18" - }, - { - "name" : "[oss-security] 20110315 Re: CVE request for python-feedparser", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/15/11" - }, - { - "name" : "http://support.novell.com/security/cve/CVE-2011-1158.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2011-1158.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=680074", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=680074" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=684877", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=684877" - }, - { - "name" : "https://code.google.com/p/feedparser/issues/detail?id=255", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/feedparser/issues/detail?id=255" - }, - { - "name" : "MDVSA-2011:082", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:082" - }, - { - "name" : "46867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46867" - }, - { - "name" : "43730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43730" - }, - { - "name" : "44074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110314 CVE request for python-feedparser", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/18" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2011-1158.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2011-1158.html" + }, + { + "name": "43730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43730" + }, + { + "name": "https://code.google.com/p/feedparser/issues/detail?id=255", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/feedparser/issues/detail?id=255" + }, + { + "name": "46867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46867" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=684877", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684877" + }, + { + "name": "44074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44074" + }, + { + "name": "[oss-security] 20110315 Re: CVE request for python-feedparser", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/15/11" + }, + { + "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update", + "refsource": "MLIST", + "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=680074", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=680074" + }, + { + "name": "MDVSA-2011:082", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:082" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1218.json b/2011/1xxx/CVE-2011-1218.json index 6b075404b77..e6fbb16265e 100644 --- a/2011/1xxx/CVE-2011-1218.json +++ b/2011/1xxx/CVE-2011-1218.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21500034", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21500034" - }, - { - "name" : "47962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47962" - }, - { - "name" : "oval:org.mitre.oval:def:14238", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238" - }, - { - "name" : "44624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44624" - }, - { - "name" : "lotus-notes-kvarcve-bo(67625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21500034", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034" + }, + { + "name": "47962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47962" + }, + { + "name": "44624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44624" + }, + { + "name": "oval:org.mitre.oval:def:14238", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238" + }, + { + "name": "lotus-notes-kvarcve-bo(67625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67625" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1712.json b/2011/1xxx/CVE-2011-1712.json index 6619b43f545..6f66bd8c0d4 100644 --- a/2011/1xxx/CVE-2011-1712.json +++ b/2011/1xxx/CVE-2011-1712.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-18.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=640339", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=640339" - }, - { - "name" : "oval:org.mitre.oval:def:14467", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14467" - }, - { - "name" : "firefox-txxpathnodeutils-info-disclosure(66836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-18.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-18.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=640339", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=640339" + }, + { + "name": "firefox-txxpathnodeutils-info-disclosure(66836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66836" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" + }, + { + "name": "oval:org.mitre.oval:def:14467", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14467" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1814.json b/2011/1xxx/CVE-2011-1814.json index 92d53eb9399..9f271a56040 100644 --- a/2011/1xxx/CVE-2011-1814.json +++ b/2011/1xxx/CVE-2011-1814.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-1814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=79362", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=79362" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" - }, - { - "name" : "48129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48129" - }, - { - "name" : "72784", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72784" - }, - { - "name" : "oval:org.mitre.oval:def:14565", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14565" - }, - { - "name" : "44829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44829" - }, - { - "name" : "chrome-pointer-info-disclosure(67897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44829" + }, + { + "name": "chrome-pointer-info-disclosure(67897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67897" + }, + { + "name": "72784", + "refsource": "OSVDB", + "url": "http://osvdb.org/72784" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" + }, + { + "name": "48129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48129" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=79362", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=79362" + }, + { + "name": "oval:org.mitre.oval:def:14565", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14565" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1862.json b/2011/1xxx/CVE-2011-1862.json index 22cfb715a3a..2c3c65d3093 100644 --- a/2011/1xxx/CVE-2011-1862.json +++ b/2011/1xxx/CVE-2011-1862.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02674", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130755929821099&w=2" - }, - { - "name" : "SSRT100487", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130755929821099&w=2" - }, - { - "name" : "48168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48168" - }, - { - "name" : "1025611", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025611" - }, - { - "name" : "44836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44836" - }, - { - "name" : "8273", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8273" - }, - { - "name" : "hp-service-unspec-xss(67913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44836" + }, + { + "name": "8273", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8273" + }, + { + "name": "hp-service-unspec-xss(67913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67913" + }, + { + "name": "1025611", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025611" + }, + { + "name": "SSRT100487", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130755929821099&w=2" + }, + { + "name": "HPSBMA02674", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130755929821099&w=2" + }, + { + "name": "48168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48168" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1940.json b/2011/1xxx/CVE-2011-1940.json index c5504d5b3f4..8a930190124 100644 --- a/2011/1xxx/CVE-2011-1940.json +++ b/2011/1xxx/CVE-2011-1940.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287" - }, - { - "name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php" - }, - { - "name" : "DSA-2391", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2391", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2391" + }, + { + "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287", + "refsource": "CONFIRM", + "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287" + }, + { + "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492", + "refsource": "CONFIRM", + "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3272.json b/2011/3xxx/CVE-2011-3272.json index ddebab3b8d7..17b3a4d878a 100644 --- a/2011/3xxx/CVE-2011-3272.json +++ b/2011/3xxx/CVE-2011-3272.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24122", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24122" - }, - { - "name" : "20110928 Cisco IOS Software IP Service Level Agreement Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4c.shtml" - }, - { - "name" : "1026120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24122", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24122" + }, + { + "name": "20110928 Cisco IOS Software IP Service Level Agreement Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4c.shtml" + }, + { + "name": "1026120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026120" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4002.json b/2011/4xxx/CVE-2011-4002.json index f7684fb7301..5eec57e9d90 100644 --- a/2011/4xxx/CVE-2011-4002.json +++ b/2011/4xxx/CVE-2011-4002.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a \"command injection vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-4002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#48839888", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN48839888/index.html" - }, - { - "name" : "JVNDB-2011-000076", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a \"command injection vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2011-000076", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000076" + }, + { + "name": "JVN#48839888", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN48839888/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4051.json b/2011/4xxx/CVE-2011-4051.json index 0a0a99dfbcb..6af357df909 100644 --- a/2011/4xxx/CVE-2011-4051.json +++ b/2011/4xxx/CVE-2011-4051.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-330/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-330/" - }, - { - "name" : "http://www.indusoft.com/hotfixes/hotfixes.php", - "refsource" : "CONFIRM", - "url" : "http://www.indusoft.com/hotfixes/hotfixes.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf" + }, + { + "name": "http://www.indusoft.com/hotfixes/hotfixes.php", + "refsource": "CONFIRM", + "url": "http://www.indusoft.com/hotfixes/hotfixes.php" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-330/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-330/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4062.json b/2011/4xxx/CVE-2011-4062.json index 0619a8ebf30..2cdb0fe3db0 100644 --- a/2011/4xxx/CVE-2011-4062.json +++ b/2011/4xxx/CVE-2011-4062.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2011-4062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17908", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17908" - }, - { - "name" : "http://security.freebsd.org/patches/SA-11:05/unix2.patch", - "refsource" : "MISC", - "url" : "http://security.freebsd.org/patches/SA-11:05/unix2.patch" - }, - { - "name" : "DSA-2325", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2325" - }, - { - "name" : "FreeBSD-SA-11:05", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc" - }, - { - "name" : "49862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49862" - }, - { - "name" : "75788", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/75788" - }, - { - "name" : "1026106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026106" - }, - { - "name" : "46202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46202" - }, - { - "name" : "46564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.freebsd.org/patches/SA-11:05/unix2.patch", + "refsource": "MISC", + "url": "http://security.freebsd.org/patches/SA-11:05/unix2.patch" + }, + { + "name": "46202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46202" + }, + { + "name": "17908", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17908" + }, + { + "name": "FreeBSD-SA-11:05", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc" + }, + { + "name": "46564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46564" + }, + { + "name": "1026106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026106" + }, + { + "name": "75788", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/75788" + }, + { + "name": "49862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49862" + }, + { + "name": "DSA-2325", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2325" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4287.json b/2011/4xxx/CVE-2011-4287.json index 3629b93d1c8..cfa2e8e4f76 100644 --- a/2011/4xxx/CVE-2011-4287.json +++ b/2011/4xxx/CVE-2011-4287.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/14/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=175588", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=175588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/14/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=175588", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=175588" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4305.json b/2011/4xxx/CVE-2011-4305.json index 59567a0514c..e78de2fa689 100644 --- a/2011/4xxx/CVE-2011-4305.json +++ b/2011/4xxx/CVE-2011-4305.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=97f258fabb3ebfa7acc7c02cb59de92b01710f99", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=97f258fabb3ebfa7acc7c02cb59de92b01710f99" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=188318", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=188318" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/mod/forum/discuss.php?d=188318", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=188318" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=97f258fabb3ebfa7acc7c02cb59de92b01710f99", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=97f258fabb3ebfa7acc7c02cb59de92b01710f99" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=747444", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4475.json b/2011/4xxx/CVE-2011-4475.json index 2d7ac5e265a..bf43740cab1 100644 --- a/2011/4xxx/CVE-2011-4475.json +++ b/2011/4xxx/CVE-2011-4475.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4475", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4475", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4922.json b/2011/4xxx/CVE-2011-4922.json index aa09c392f9c..e5aab1802ce 100644 --- a/2011/4xxx/CVE-2011-4922.json +++ b/2011/4xxx/CVE-2011-4922.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120104 Re: CVE request: Pidgin", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/01/04/13" - }, - { - "name" : "http://hg.pidgin.im/pidgin/main/rev/8c850977cb42", - "refsource" : "CONFIRM", - "url" : "http://hg.pidgin.im/pidgin/main/rev/8c850977cb42" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=50", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=50" - }, - { - "name" : "oval:org.mitre.oval:def:18223", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120104 Re: CVE request: Pidgin", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/01/04/13" + }, + { + "name": "oval:org.mitre.oval:def:18223", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18223" + }, + { + "name": "http://www.pidgin.im/news/security/?id=50", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=50" + }, + { + "name": "http://hg.pidgin.im/pidgin/main/rev/8c850977cb42", + "refsource": "CONFIRM", + "url": "http://hg.pidgin.im/pidgin/main/rev/8c850977cb42" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5013.json b/2011/5xxx/CVE-2011-5013.json index 2cff2c7c390..929034fb627 100644 --- a/2011/5xxx/CVE-2011-5013.json +++ b/2011/5xxx/CVE-2011-5013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5113.json b/2011/5xxx/CVE-2011-5113.json index 62ff67f96f0..364b65870e5 100644 --- a/2011/5xxx/CVE-2011-5113.json +++ b/2011/5xxx/CVE-2011-5113.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18042", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18042" - }, - { - "name" : "http://docs.joomla.org/Vulnerable_Extensions_List#Techfolio_1.0", - "refsource" : "MISC", - "url" : "http://docs.joomla.org/Vulnerable_Extensions_List#Techfolio_1.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18042", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18042" + }, + { + "name": "http://docs.joomla.org/Vulnerable_Extensions_List#Techfolio_1.0", + "refsource": "MISC", + "url": "http://docs.joomla.org/Vulnerable_Extensions_List#Techfolio_1.0" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5032.json b/2013/5xxx/CVE-2013-5032.json index 4ab8183d504..2c12c534f17 100644 --- a/2013/5xxx/CVE-2013-5032.json +++ b/2013/5xxx/CVE-2013-5032.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://atmail.com/changelog/", - "refsource" : "CONFIRM", - "url" : "http://atmail.com/changelog/" - }, - { - "name" : "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/", - "refsource" : "CONFIRM", - "url" : "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/", + "refsource": "CONFIRM", + "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" + }, + { + "name": "http://atmail.com/changelog/", + "refsource": "CONFIRM", + "url": "http://atmail.com/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2004.json b/2014/2xxx/CVE-2014-2004.json index e9caebd2ff1..d66c46a85a9 100644 --- a/2014/2xxx/CVE-2014-2004.json +++ b/2014/2xxx/CVE-2014-2004.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 through 3.10, SEIL/X1 routers 1.00 through 4.50, SEIL/X2 routers 1.00 through 4.50, SEIL/B1 routers 1.00 through 4.50, SEIL/Turbo routers 1.80 through 2.17, and SEIL/neu 2FE Plus routers 1.80 through 2.17 allows remote attackers to cause a denial of service (session termination or concentrator outage) via a crafted TCP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-2004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.seil.jp/support/security/a01443.html", - "refsource" : "CONFIRM", - "url" : "http://www.seil.jp/support/security/a01443.html" - }, - { - "name" : "JVN#10724763", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN10724763/index.html" - }, - { - "name" : "JVNDB-2014-000055", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 through 3.10, SEIL/X1 routers 1.00 through 4.50, SEIL/X2 routers 1.00 through 4.50, SEIL/B1 routers 1.00 through 4.50, SEIL/Turbo routers 1.80 through 2.17, and SEIL/neu 2FE Plus routers 1.80 through 2.17 allows remote attackers to cause a denial of service (session termination or concentrator outage) via a crafted TCP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.seil.jp/support/security/a01443.html", + "refsource": "CONFIRM", + "url": "http://www.seil.jp/support/security/a01443.html" + }, + { + "name": "JVN#10724763", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN10724763/index.html" + }, + { + "name": "JVNDB-2014-000055", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000055" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2018.json b/2014/2xxx/CVE-2014-2018.json index b814039f6b5..ef3a64e57a0 100644 --- a/2014/2xxx/CVE-2014-2018.json +++ b/2014/2xxx/CVE-2014-2018.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=953", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=953" - }, - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-14.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=875818", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=875818" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "VU#863369", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/863369" - }, - { - "name" : "1029773", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029773" - }, - { - "name" : "1029774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029773", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029773" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-14.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-14.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=875818", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=875818" + }, + { + "name": "VU#863369", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/863369" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=953", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=953" + }, + { + "name": "1029774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029774" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2261.json b/2014/2xxx/CVE-2014-2261.json index 6286200b156..250cc0b7fbb 100644 --- a/2014/2xxx/CVE-2014-2261.json +++ b/2014/2xxx/CVE-2014-2261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2261", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2261", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2436.json b/2014/2xxx/CVE-2014-2436.json index 37571f3e197..486b97cb8be 100644 --- a/2014/2xxx/CVE-2014-2436.json +++ b/2014/2xxx/CVE-2014-2436.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "RHSA-2014:0522", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0522.html" - }, - { - "name" : "RHSA-2014:0536", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0536.html" - }, - { - "name" : "RHSA-2014:0537", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0537.html" - }, - { - "name" : "RHSA-2014:0702", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0702.html" - }, - { - "name" : "66896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0536", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0536.html" + }, + { + "name": "66896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66896" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "RHSA-2014:0522", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0522.html" + }, + { + "name": "RHSA-2014:0537", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0537.html" + }, + { + "name": "RHSA-2014:0702", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0702.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2526.json b/2014/2xxx/CVE-2014-2526.json index 2f75b6469a2..2892b1bcce8 100644 --- a/2014/2xxx/CVE-2014-2526.json +++ b/2014/2xxx/CVE-2014-2526.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/125766", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125766" - }, - { - "name" : "http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt", - "refsource" : "MISC", - "url" : "http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt" - }, - { - "name" : "http://secpod.org/blog/?p=2158", - "refsource" : "MISC", - "url" : "http://secpod.org/blog/?p=2158" - }, - { - "name" : "http://barracudadrive.com/readme.txt", - "refsource" : "CONFIRM", - "url" : "http://barracudadrive.com/readme.txt" - }, - { - "name" : "66269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66269" - }, - { - "name" : "57451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57451" - }, - { - "name" : "barracudadrive-multiple-scripts-xss(91920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57451" + }, + { + "name": "http://secpod.org/blog/?p=2158", + "refsource": "MISC", + "url": "http://secpod.org/blog/?p=2158" + }, + { + "name": "barracudadrive-multiple-scripts-xss(91920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91920" + }, + { + "name": "http://packetstormsecurity.com/files/125766", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125766" + }, + { + "name": "http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt", + "refsource": "MISC", + "url": "http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt" + }, + { + "name": "http://barracudadrive.com/readme.txt", + "refsource": "CONFIRM", + "url": "http://barracudadrive.com/readme.txt" + }, + { + "name": "66269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66269" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2572.json b/2014/2xxx/CVE-2014-2572.json index 881a9bb539c..dee93d37445 100644 --- a/2014/2xxx/CVE-2014-2572.json +++ b/2014/2xxx/CVE-2014-2572.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140317 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/03/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43468", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43468" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=256425", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=256425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43468", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43468" + }, + { + "name": "[oss-security] 20140317 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/03/17/1" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=256425", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=256425" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2684.json b/2014/2xxx/CVE-2014-2684.json index fe8e47905fc..66f94318c5e 100644 --- a/2014/2xxx/CVE-2014-2684.json +++ b/2014/2xxx/CVE-2014-2684.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/0" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0151.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0151.html" - }, - { - "name" : "http://framework.zend.com/security/advisory/ZF2014-02", - "refsource" : "CONFIRM", - "url" : "http://framework.zend.com/security/advisory/ZF2014-02" - }, - { - "name" : "DSA-3265", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3265" - }, - { - "name" : "MDVSA-2014:072", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" - }, - { - "name" : "66358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/0" + }, + { + "name": "MDVSA-2014:072", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0151.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0151.html" + }, + { + "name": "66358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66358" + }, + { + "name": "DSA-3265", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3265" + }, + { + "name": "http://framework.zend.com/security/advisory/ZF2014-02", + "refsource": "CONFIRM", + "url": "http://framework.zend.com/security/advisory/ZF2014-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3012.json b/2014/3xxx/CVE-2014-3012.json index b2e873d0a20..5e6f441a833 100644 --- a/2014/3xxx/CVE-2014-3012.json +++ b/2014/3xxx/CVE-2014-3012.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675454", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675454" - }, - { - "name" : "59257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59257" - }, - { - "name" : "ibm-curam-cve20143012-crlf-injection(93010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59257" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454" + }, + { + "name": "ibm-curam-cve20143012-crlf-injection(93010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3064.json b/2014/3xxx/CVE-2014-3064.json index aa0647e8e91..e44fbad45dc 100644 --- a/2014/3xxx/CVE-2014-3064.json +++ b/2014/3xxx/CVE-2014-3064.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677299", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677299" - }, - { - "name" : "69027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69027" - }, - { - "name" : "ibm-imdm-cve20143064-unix-alter(93600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69027" + }, + { + "name": "ibm-imdm-cve20143064-unix-alter(93600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93600" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677299", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677299" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3672.json b/2014/3xxx/CVE-2014-3672.json index 1996eabdda2..fc60bcb9d1b 100644 --- a/2014/3xxx/CVE-2014-3672.json +++ b/2014/3xxx/CVE-2014-3672.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160524 CVE-2014-3672 libvirt: DoS via excessive logging", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/24/5" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-180.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-180.html" - }, - { - "name" : "https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf", - "refsource" : "CONFIRM", - "url" : "https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf" - }, - { - "name" : "https://libvirt.org/news-2015.html", - "refsource" : "CONFIRM", - "url" : "https://libvirt.org/news-2015.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "1035945", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-180.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-180.html" + }, + { + "name": "https://libvirt.org/news-2015.html", + "refsource": "CONFIRM", + "url": "https://libvirt.org/news-2015.html" + }, + { + "name": "1035945", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035945" + }, + { + "name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf", + "refsource": "CONFIRM", + "url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf" + }, + { + "name": "[oss-security] 20160524 CVE-2014-3672 libvirt: DoS via excessive logging", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/24/5" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6189.json b/2014/6xxx/CVE-2014-6189.json index befdaee67aa..9d44a95bb61 100644 --- a/2014/6xxx/CVE-2014-6189.json +++ b/2014/6xxx/CVE-2014-6189.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697248", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697248" - }, - { - "name" : "73940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697248", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697248" + }, + { + "name": "73940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73940" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6524.json b/2014/6xxx/CVE-2014-6524.json index bffcb9cee30..66500d6e82e 100644 --- a/2014/6xxx/CVE-2014-6524.json +++ b/2014/6xxx/CVE-2014-6524.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031583" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6580.json b/2014/6xxx/CVE-2014-6580.json index 27dfbba39b7..b0b4085379e 100644 --- a/2014/6xxx/CVE-2014-6580.json +++ b/2014/6xxx/CVE-2014-6580.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6626.json b/2014/6xxx/CVE-2014-6626.json index 058752ce3f9..c004b0bdc85 100644 --- a/2014/6xxx/CVE-2014-6626.json +++ b/2014/6xxx/CVE-2014-6626.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/support/alerts/aid-10282014.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/support/alerts/aid-10282014.txt" - }, - { - "name" : "61916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61916" + }, + { + "name": "http://www.arubanetworks.com/support/alerts/aid-10282014.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/support/alerts/aid-10282014.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6788.json b/2014/6xxx/CVE-2014-6788.json index d70b83b5076..0ea06ba3ba8 100644 --- a/2014/6xxx/CVE-2014-6788.json +++ b/2014/6xxx/CVE-2014-6788.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#359065", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/359065" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#359065", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/359065" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6879.json b/2014/6xxx/CVE-2014-6879.json index 30777a6e9fb..4f7429b239e 100644 --- a/2014/6xxx/CVE-2014-6879.json +++ b/2014/6xxx/CVE-2014-6879.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Equifax Mobile (aka com.equifax) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#275641", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/275641" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Equifax Mobile (aka com.equifax) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#275641", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/275641" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6895.json b/2014/6xxx/CVE-2014-6895.json index c197410f4f9..c6a141e7f7f 100644 --- a/2014/6xxx/CVE-2014-6895.json +++ b/2014/6xxx/CVE-2014-6895.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#531985", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/531985" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#531985", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/531985" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7236.json b/2014/7xxx/CVE-2014-7236.json index 4b81cfbc7a7..3c5f6946762 100644 --- a/2014/7xxx/CVE-2014-7236.json +++ b/2014/7xxx/CVE-2014-7236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7295.json b/2014/7xxx/CVE-2014-7295.json index 5dbf658fc20..d15d4c49c5c 100644 --- a/2014/7xxx/CVE-2014-7295.json +++ b/2014/7xxx/CVE-2014-7295.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20141002 MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html" - }, - { - "name" : "[oss-security] 20141002 Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/67" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672" - }, - { - "name" : "DSA-3046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3046" - }, - { - "name" : "70238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70238" - }, - { - "name" : "61752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672" + }, + { + "name": "[MediaWiki-announce] 20141002 MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html" + }, + { + "name": "DSA-3046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3046" + }, + { + "name": "61752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61752" + }, + { + "name": "[oss-security] 20141002 Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/67" + }, + { + "name": "70238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70238" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7498.json b/2014/7xxx/CVE-2014-7498.json index 542072bac1e..51cc3bf57d1 100644 --- a/2014/7xxx/CVE-2014-7498.json +++ b/2014/7xxx/CVE-2014-7498.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#148393", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/148393" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#148393", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/148393" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7664.json b/2014/7xxx/CVE-2014-7664.json index 3df90bb3f30..412c2512ed0 100644 --- a/2014/7xxx/CVE-2014-7664.json +++ b/2014/7xxx/CVE-2014-7664.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#123665", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/123665" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#123665", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/123665" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7803.json b/2014/7xxx/CVE-2014-7803.json index 386d4aa6619..26291441628 100644 --- a/2014/7xxx/CVE-2014-7803.json +++ b/2014/7xxx/CVE-2014-7803.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#634945", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/634945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#634945", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/634945" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7840.json b/2014/7xxx/CVE-2014-7840.json index ae9d5237702..552d5be3e79 100644 --- a/2014/7xxx/CVE-2014-7840.json +++ b/2014/7xxx/CVE-2014-7840.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[qemu-devel] 20141112 [PATCH 0/4] migration: fix CVE-2014-7840", - "refsource" : "MLIST", - "url" : "http://thread.gmane.org/gmane.comp.emulators.qemu/306117" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=0be839a2701369f669532ea5884c15bead1c6e08", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=0be839a2701369f669532ea5884c15bead1c6e08" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163075", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163075" - }, - { - "name" : "RHSA-2015:0349", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0349.html" - }, - { - "name" : "RHSA-2015:0624", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0624.html" - }, - { - "name" : "qemu-cve20147840-code-exec(99194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0624", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=0be839a2701369f669532ea5884c15bead1c6e08", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=0be839a2701369f669532ea5884c15bead1c6e08" + }, + { + "name": "[qemu-devel] 20141112 [PATCH 0/4] migration: fix CVE-2014-7840", + "refsource": "MLIST", + "url": "http://thread.gmane.org/gmane.comp.emulators.qemu/306117" + }, + { + "name": "RHSA-2015:0349", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html" + }, + { + "name": "qemu-cve20147840-code-exec(99194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99194" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163075", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163075" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7863.json b/2014/7xxx/CVE-2014-7863.json index 7da88cfbc80..d02f8c34e6b 100644 --- a/2014/7xxx/CVE-2014-7863.json +++ b/2014/7xxx/CVE-2014-7863.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7863", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7863", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0028.json b/2017/0xxx/CVE-2017-0028.json index 753ee1beb81..1557b175a1a 100644 --- a/2017/0xxx/CVE-2017-0028.json +++ b/2017/0xxx/CVE-2017-0028.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-03-28T00:00:00", - "ID" : "CVE-2017-0028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka \"Scripting Engine Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-03-28T00:00:00", + "ID": "CVE-2017-0028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft ChakraCore", + "version": { + "version_data": [ + { + "version_value": "Microsoft ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Microsoft/ChakraCore/commit/402f3d967c0a905ec5b9ca9c240783d3f2c15724", - "refsource" : "CONFIRM", - "url" : "https://github.com/Microsoft/ChakraCore/commit/402f3d967c0a905ec5b9ca9c240783d3f2c15724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka \"Scripting Engine Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Microsoft/ChakraCore/commit/402f3d967c0a905ec5b9ca9c240783d3f2c15724", + "refsource": "CONFIRM", + "url": "https://github.com/Microsoft/ChakraCore/commit/402f3d967c0a905ec5b9ca9c240783d3f2c15724" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0084.json b/2017/0xxx/CVE-2017-0084.json index 5fd35b308dc..5d1c848f483 100644 --- a/2017/0xxx/CVE-2017-0084.json +++ b/2017/0xxx/CVE-2017-0084.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Uniscribe Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41648", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41648/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084" - }, - { - "name" : "96610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96610" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Uniscribe Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96610" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084" + }, + { + "name": "41648", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41648/" + }, + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0145.json b/2017/0xxx/CVE-2017-0145.json index 2f3c44b21e9..d1e09e48dd2 100644 --- a/2017/0xxx/CVE-2017-0145.json +++ b/2017/0xxx/CVE-2017-0145.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows SMB", - "version" : { - "version_data" : [ - { - "version_value" : "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows SMB", + "version": { + "version_data": [ + { + "version_value": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41891", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41891/" - }, - { - "name" : "41987", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41987/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf" - }, - { - "name" : "96705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96705" - }, - { - "name" : "1037991", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145" + }, + { + "name": "41891", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41891/" + }, + { + "name": "1037991", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037991" + }, + { + "name": "96705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96705" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + }, + { + "name": "41987", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41987/" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0208.json b/2017/0xxx/CVE-2017-0208.json index d1980fcd92d..2864b742975 100644 --- a/2017/0xxx/CVE-2017-0208.json +++ b/2017/0xxx/CVE-2017-0208.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Edge" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. \"Scripting Engine Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Edge", + "version": { + "version_data": [ + { + "version_value": "Edge" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208" - }, - { - "name" : "97460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97460" - }, - { - "name" : "1038234", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. \"Scripting Engine Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208" + }, + { + "name": "1038234", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038234" + }, + { + "name": "97460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97460" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0230.json b/2017/0xxx/CVE-2017-0230.json index 6de34471091..abcca308c47 100644 --- a/2017/0xxx/CVE-2017-0230.json +++ b/2017/0xxx/CVE-2017-0230.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0230", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0230" - }, - { - "name" : "98222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0230", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0230" + }, + { + "name": "98222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98222" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0453.json b/2017/0xxx/CVE-2017-0453.json index 3f4a0e0459a..4fe275f88f3 100644 --- a/2017/0xxx/CVE-2017-0453.json +++ b/2017/0xxx/CVE-2017-0453.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33979145. References: QC-CR#1105085." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513" - }, - { - "name" : "96735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96735" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33979145. References: QC-CR#1105085." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96735" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18102.json b/2017/18xxx/CVE-2017-18102.json index 3538157d014..8499c85359d 100644 --- a/2017/18xxx/CVE-2017-18102.json +++ b/2017/18xxx/CVE-2017-18102.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-04-11T00:00:00", - "ID" : "CVE-2017-18102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "atlassian-renderer", - "version" : { - "version_data" : [ - { - "version_affected" : ">=", - "version_value" : "8.0.0" - }, - { - "version_affected" : "<", - "version_value" : "8.0.22" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-04-11T00:00:00", + "ID": "CVE-2017-18102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "atlassian-renderer", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "8.0.0" + }, + { + "version_affected": "<", + "version_value": "8.0.22" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-67108", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-67108" - }, - { - "name" : "https://jira.atlassian.com/browse/RNDR-153", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/RNDR-153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/JRASERVER-67108", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-67108" + }, + { + "name": "https://jira.atlassian.com/browse/RNDR-153", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/RNDR-153" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18200.json b/2017/18xxx/CVE-2017-18200.json index 32e2bc87b42..2410056db59 100644 --- a/2017/18xxx/CVE-2017-18200.json +++ b/2017/18xxx/CVE-2017-18200.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4" - }, - { - "name" : "https://github.com/torvalds/linux/commit/638164a2718f337ea224b747cf5977ef143166a4", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/638164a2718f337ea224b747cf5977ef143166a4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/638164a2718f337ea224b747cf5977ef143166a4", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/638164a2718f337ea224b747cf5977ef143166a4" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18301.json b/2017/18xxx/CVE-2017-18301.json index a5d02c5c1bb..43ed84340da 100644 --- a/2017/18xxx/CVE-2017-18301.json +++ b/2017/18xxx/CVE-2017-18301.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1200.json b/2017/1xxx/CVE-2017-1200.json index 974bd9629b9..a75c932022d 100644 --- a/2017/1xxx/CVE-2017-1200.json +++ b/2017/1xxx/CVE-2017-1200.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-30T00:00:00", - "ID" : "CVE-2017-1200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Compliance", - "version" : { - "version_data" : [ - { - "version_value" : "1.7" - }, - { - "version_value" : "1.9.91" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "3.700", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-30T00:00:00", + "ID": "CVE-2017-1200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Compliance", + "version": { + "version_data": [ + { + "version_value": "1.7" + }, + { + "version_value": "1.9.91" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581" - }, - { - "name" : "ibm-bigfix-cve20171200-info-disc(123675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "L", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "3.700", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581" + }, + { + "name": "ibm-bigfix-cve20171200-info-disc(123675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123675" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1268.json b/2017/1xxx/CVE-2017-1268.json index 7e259556213..42c92fa00c3 100644 --- a/2017/1xxx/CVE-2017-1268.json +++ b/2017/1xxx/CVE-2017-1268.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-11T00:00:00", - "ID" : "CVE-2017-1268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "10" - }, - { - "version_value" : "10.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "C", - "SCORE" : "5.900", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-11T00:00:00", + "ID": "CVE-2017-1268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "10" + }, + { + "version_value": "10.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077" - }, - { - "name" : "106339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106339" - }, - { - "name" : "ibm-guardium-cve20171268-info-disc(124743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "L", + "C": "H", + "I": "N", + "PR": "N", + "S": "C", + "SCORE": "5.900", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106339" + }, + { + "name": "ibm-guardium-cve20171268-info-disc(124743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124743" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10737077", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737077" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1346.json b/2017/1xxx/CVE-2017-1346.json index 9a25def5826..0710f89fa72 100644 --- a/2017/1xxx/CVE-2017-1346.json +++ b/2017/1xxx/CVE-2017-1346.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126461", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126461" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004654", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004654" - }, - { - "name" : "100964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004654", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004654" + }, + { + "name": "100964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100964" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126461", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126461" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1496.json b/2017/1xxx/CVE-2017-1496.json index 621486f62e8..2f943a286b5 100644 --- a/2017/1xxx/CVE-2017-1496.json +++ b/2017/1xxx/CVE-2017-1496.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-24T00:00:00", - "ID" : "CVE-2017-1496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.4" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.5" - }, - { - "version_value" : "5.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-24T00:00:00", + "ID": "CVE-2017-1496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.4" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.5" + }, + { + "version_value": "5.2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128694", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128694" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006175", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128694", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128694" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006175", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006175" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1831.json b/2017/1xxx/CVE-2017-1831.json index 6af2cd7f6ee..c38284efc97 100644 --- a/2017/1xxx/CVE-2017-1831.json +++ b/2017/1xxx/CVE-2017-1831.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1831", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1831", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1948.json b/2017/1xxx/CVE-2017-1948.json index 5cc13b74b5e..10657eb5f6a 100644 --- a/2017/1xxx/CVE-2017-1948.json +++ b/2017/1xxx/CVE-2017-1948.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1948", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1948", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5070.json b/2017/5xxx/CVE-2017-5070.json index e3127574ee7..c8fb89a6431 100644 --- a/2017/5xxx/CVE-2017-5070.json +++ b/2017/5xxx/CVE-2017-5070.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/722756", - "refsource" : "MISC", - "url" : "https://crbug.com/722756" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1399", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1399" - }, - { - "name" : "98861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98861" - }, - { - "name" : "1038622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98861" + }, + { + "name": "https://crbug.com/722756", + "refsource": "MISC", + "url": "https://crbug.com/722756" + }, + { + "name": "RHSA-2017:1399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1399" + }, + { + "name": "1038622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038622" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5124.json b/2017/5xxx/CVE-2017-5124.json index 9a28ecff24f..04bccc22749 100644 --- a/2017/5xxx/CVE-2017-5124.json +++ b/2017/5xxx/CVE-2017-5124.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 62.0.3202.62", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 62.0.3202.62" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 62.0.3202.62", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 62.0.3202.62" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404d25537070", - "refsource" : "MISC", - "url" : "https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404d25537070" - }, - { - "name" : "https://crbug.com/762930", - "refsource" : "MISC", - "url" : "https://crbug.com/762930" - }, - { - "name" : "https://github.com/Bo0oM/CVE-2017-5124", - "refsource" : "MISC", - "url" : "https://github.com/Bo0oM/CVE-2017-5124" - }, - { - "name" : "https://www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve20175124/", - "refsource" : "MISC", - "url" : "https://www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve20175124/" - }, - { - "name" : "DSA-4020", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4020" - }, - { - "name" : "GLSA-201710-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-24" - }, - { - "name" : "RHSA-2017:2997", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2997" - }, - { - "name" : "101482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101482" + }, + { + "name": "https://www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve20175124/", + "refsource": "MISC", + "url": "https://www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve20175124/" + }, + { + "name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/762930", + "refsource": "MISC", + "url": "https://crbug.com/762930" + }, + { + "name": "DSA-4020", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4020" + }, + { + "name": "https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404d25537070", + "refsource": "MISC", + "url": "https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404d25537070" + }, + { + "name": "RHSA-2017:2997", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2997" + }, + { + "name": "GLSA-201710-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-24" + }, + { + "name": "https://github.com/Bo0oM/CVE-2017-5124", + "refsource": "MISC", + "url": "https://github.com/Bo0oM/CVE-2017-5124" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5131.json b/2017/5xxx/CVE-2017-5131.json index 4c8e61ca8e3..fe3ff45ad45 100644 --- a/2017/5xxx/CVE-2017-5131.json +++ b/2017/5xxx/CVE-2017-5131.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 62.0.3202.62", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 62.0.3202.62" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 62.0.3202.62", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 62.0.3202.62" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/744109", - "refsource" : "MISC", - "url" : "https://crbug.com/744109" - }, - { - "name" : "DSA-4020", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4020" - }, - { - "name" : "GLSA-201710-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-24" - }, - { - "name" : "RHSA-2017:2997", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2997" - }, - { - "name" : "101482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101482" + }, + { + "name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" + }, + { + "name": "DSA-4020", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4020" + }, + { + "name": "RHSA-2017:2997", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2997" + }, + { + "name": "https://crbug.com/744109", + "refsource": "MISC", + "url": "https://crbug.com/744109" + }, + { + "name": "GLSA-201710-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-24" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5350.json b/2017/5xxx/CVE-2017-5350.json index ac1ddd81e17..eaf5f880a6b 100644 --- a/2017/5xxx/CVE-2017-5350.json +++ b/2017/5xxx/CVE-2017-5350.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017", - "refsource" : "CONFIRM", - "url" : "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017" - }, - { - "name" : "95424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017", + "refsource": "CONFIRM", + "url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017" + }, + { + "name": "95424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95424" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5447.json b/2017/5xxx/CVE-2017-5447.json index f2c28ce3f4a..f9628418a18 100644 --- a/2017/5xxx/CVE-2017-5447.json +++ b/2017/5xxx/CVE-2017-5447.json @@ -1,144 +1,144 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read during glyph processing" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42071", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42071/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1343552", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1343552" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "RHSA-2017:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read during glyph processing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42071", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42071/" + }, + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1343552", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1343552" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "DSA-3831", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "RHSA-2017:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5726.json b/2017/5xxx/CVE-2017-5726.json index aa7b9f942f7..d9c370b424d 100644 --- a/2017/5xxx/CVE-2017-5726.json +++ b/2017/5xxx/CVE-2017-5726.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5726", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5726", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5913.json b/2017/5xxx/CVE-2017-5913.json index caef7af18fb..b57f13ba2d2 100644 --- a/2017/5xxx/CVE-2017-5913.json +++ b/2017/5xxx/CVE-2017-5913.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file