From d9e25a988207881477fc6d9955747d55bdb26a93 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:40:12 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/2xxx/CVE-2006-2111.json | 280 ++++++++++++++--------------
2006/2xxx/CVE-2006-2417.json | 180 +++++++++---------
2006/2xxx/CVE-2006-2580.json | 200 ++++++++++----------
2006/3xxx/CVE-2006-3048.json | 190 +++++++++----------
2006/3xxx/CVE-2006-3400.json | 160 ++++++++--------
2006/3xxx/CVE-2006-3596.json | 180 +++++++++---------
2006/3xxx/CVE-2006-3993.json | 210 ++++++++++-----------
2006/6xxx/CVE-2006-6019.json | 150 +++++++--------
2006/6xxx/CVE-2006-6337.json | 180 +++++++++---------
2006/6xxx/CVE-2006-6758.json | 150 +++++++--------
2006/7xxx/CVE-2006-7031.json | 130 ++++++-------
2011/0xxx/CVE-2011-0324.json | 170 ++++++++---------
2011/0xxx/CVE-2011-0381.json | 150 +++++++--------
2011/0xxx/CVE-2011-0740.json | 160 ++++++++--------
2011/0xxx/CVE-2011-0777.json | 170 ++++++++---------
2011/1xxx/CVE-2011-1100.json | 140 +++++++-------
2011/1xxx/CVE-2011-1364.json | 150 +++++++--------
2011/1xxx/CVE-2011-1790.json | 34 ++--
2011/3xxx/CVE-2011-3195.json | 160 ++++++++--------
2011/3xxx/CVE-2011-3248.json | 150 +++++++--------
2011/3xxx/CVE-2011-3523.json | 150 +++++++--------
2011/4xxx/CVE-2011-4148.json | 34 ++--
2011/4xxx/CVE-2011-4414.json | 34 ++--
2011/4xxx/CVE-2011-4999.json | 34 ++--
2013/5xxx/CVE-2013-5057.json | 130 ++++++-------
2013/5xxx/CVE-2013-5961.json | 150 +++++++--------
2014/2xxx/CVE-2014-2022.json | 160 ++++++++--------
2014/6xxx/CVE-2014-6093.json | 170 ++++++++---------
2014/6xxx/CVE-2014-6386.json | 140 +++++++-------
2014/6xxx/CVE-2014-6535.json | 150 +++++++--------
2014/7xxx/CVE-2014-7074.json | 34 ++--
2014/7xxx/CVE-2014-7352.json | 140 +++++++-------
2014/7xxx/CVE-2014-7829.json | 150 +++++++--------
2017/0xxx/CVE-2017-0081.json | 140 +++++++-------
2017/0xxx/CVE-2017-0082.json | 140 +++++++-------
2017/0xxx/CVE-2017-0298.json | 130 ++++++-------
2017/0xxx/CVE-2017-0894.json | 130 ++++++-------
2017/1000xxx/CVE-2017-1000036.json | 37 ++--
2017/1000xxx/CVE-2017-1000096.json | 134 +++++++-------
2017/1000xxx/CVE-2017-1000142.json | 124 ++++++-------
2017/18xxx/CVE-2017-18193.json | 180 +++++++++---------
2017/1xxx/CVE-2017-1285.json | 148 +++++++--------
2017/1xxx/CVE-2017-1314.json | 288 ++++++++++++++---------------
2017/1xxx/CVE-2017-1330.json | 34 ++--
2017/1xxx/CVE-2017-1514.json | 34 ++--
2017/1xxx/CVE-2017-1517.json | 34 ++--
2017/1xxx/CVE-2017-1988.json | 34 ++--
2017/5xxx/CVE-2017-5091.json | 170 ++++++++---------
2017/5xxx/CVE-2017-5372.json | 160 ++++++++--------
2017/5xxx/CVE-2017-5809.json | 142 +++++++-------
50 files changed, 3413 insertions(+), 3416 deletions(-)
diff --git a/2006/2xxx/CVE-2006-2111.json b/2006/2xxx/CVE-2006-2111.json
index 9ab8619a491..ddb15219e8c 100644
--- a/2006/2xxx/CVE-2006-2111.json
+++ b/2006/2xxx/CVE-2006-2111.json
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka \"URL Redirect Cross Domain Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061025 IE7 status: 8 days after release, 3 unfixed issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449917/100/0/threaded" - }, - { - "name" : "20061026 IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449883/100/200/threaded" - }, - { - "name" : "http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/", - "refsource" : "MISC", - "url" : "http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/" - }, - { - "name" : 
"HPSBST02231", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "SSRT071438", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "MS07-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034" - }, - { - "name" : "TA07-163A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" - }, - { - "name" : "VU#783761", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/783761" - }, - { - "name" : "17717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17717" - }, - { - "name" : "ADV-2006-1558", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1558" - }, - { - "name" : "ADV-2007-2154", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2154" - }, - { - "name" : "25073", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25073" - }, - { - "name" : "oval:org.mitre.oval:def:1605", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1605" - }, - { - "name" : "1016005", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016005" - }, - { - "name" : "19738", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19738" - }, - { - "name" : "22477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22477" - }, - { - "name" : "ie-mhtml-information-disclosure(26281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain 
sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka \"URL Redirect Cross Domain Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1605", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1605" + }, + { + "name": "19738", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19738" + }, + { + "name": "http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/", + "refsource": "MISC", + "url": "http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/" + }, + { + "name": "22477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22477" + }, + { + "name": "MS07-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034" + }, + { + "name": "ie-mhtml-information-disclosure(26281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26281" + }, + { + "name": "20061026 IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449883/100/200/threaded" + }, + { + "name": "1016005", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016005" + }, + { + "name": "20061025 IE7 status: 8 days after release, 3 unfixed issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" + }, + { + "name": "SSRT071438", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + }, + { + "name": "25073", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25073" + }, + { + "name": 
"17717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17717" + }, + { + "name": "ADV-2006-1558", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1558" + }, + { + "name": "TA07-163A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" + }, + { + "name": "VU#783761", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/783761" + }, + { + "name": "ADV-2007-2154", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2154" + }, + { + "name": "HPSBST02231", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2417.json b/2006/2xxx/CVE-2006-2417.json index 37487f72c15..95bd60482ac 100644 --- a/2006/2xxx/CVE-2006-2417.json +++ b/2006/2xxx/CVE-2006-2417.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2" - }, - { - "name" : "SUSE-SR:2006:013", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" - }, - { - "name" : "17973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17973" - }, - { - "name" : "ADV-2006-1794", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1794" - }, - { - "name" : "20113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20113" - }, - { - "name" : 
"20627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20627" - }, - { - "name" : "phpmyadmin-theme-parameter-xss(26444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2006:013", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" + }, + { + "name": "20627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20627" + }, + { + "name": "phpmyadmin-theme-parameter-xss(26444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26444" + }, + { + "name": "17973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17973" + }, + { + "name": "ADV-2006-1794", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1794" + }, + { + "name": "20113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20113" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2580.json b/2006/2xxx/CVE-2006-2580.json index 52a3aaff0a8..43f3b759d22 100644 --- a/2006/2xxx/CVE-2006-2580.json +++ b/2006/2xxx/CVE-2006-2580.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02098", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434872/100/0/threaded" - }, - { - "name" : "SSRT5911", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434872/100/0/threaded" - }, - { - "name" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00672314", - "refsource" : "CONFIRM", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00672314" - }, - { - "name" : "18096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18096" - }, - { - "name" : "ADV-2006-1945", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1945" - }, 
- { - "name" : "1016137", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016137" - }, - { - "name" : "20193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20193" - }, - { - "name" : "966", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/966" - }, - { - "name" : "hp-openview-nnm-command-execution(26636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00672314", + "refsource": "CONFIRM", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00672314" + }, + { + "name": "966", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/966" + }, + { + "name": "20193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20193" + }, + { + "name": "ADV-2006-1945", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1945" + }, + { + "name": "HPSBMA02098", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434872/100/0/threaded" + }, + { + "name": "1016137", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016137" + }, + { + "name": "18096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18096" + }, + { + "name": 
"hp-openview-nnm-command-execution(26636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26636" + }, + { + "name": "SSRT5911", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434872/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3048.json b/2006/3xxx/CVE-2006-3048.json index 15f0c5556c3..4ab5c3a9c55 100644 --- a/2006/3xxx/CVE-2006-3048.json +++ b/2006/3xxx/CVE-2006-3048.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060613 TikiWiki Sql injection & XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437017/100/0/threaded" - }, - { - "name" : "GLSA-200606-29", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" - }, - { - "name" : "18421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18421" - }, - { - "name" : "ADV-2006-2349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2349" - }, - { - "name" : "20648", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20648" - }, - { - "name" : "20850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20850" - }, - { - "name" : "1102", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1102" - }, - { - "name" : "tikiwiki-unspecified-sql-injection(27146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20850" + }, + { + "name": "18421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18421" + }, + { + "name": "20648", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20648" + }, + { + "name": "tikiwiki-unspecified-sql-injection(27146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27146" + }, + { + "name": "20060613 TikiWiki Sql injection & XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" + }, + { + "name": "1102", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1102" + }, + { + "name": "ADV-2006-2349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2349" + }, + { + "name": "GLSA-200606-29", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3400.json b/2006/3xxx/CVE-2006-3400.json index b4d170a2894..a77598cef03 100644 --- a/2006/3xxx/CVE-2006-3400.json +++ b/2006/3xxx/CVE-2006-3400.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1976", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1976" - }, - { - "name" : "18777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18777" - }, - { - "name" : "ADV-2006-2657", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2657" - }, - { - "name" : "20946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20946" - }, - { - "name" : "quake3-cgservercommand-bo(27614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quake3-cgservercommand-bo(27614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27614" + }, + { + "name": "1976", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1976" + }, + { + "name": "20946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20946" + }, + { + "name": "18777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18777" + }, + { + "name": "ADV-2006-2657", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2657" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3596.json b/2006/3xxx/CVE-2006-3596.json index 4fffdaa8de3..0e4d67de146 100644 --- a/2006/3xxx/CVE-2006-3596.json +++ b/2006/3xxx/CVE-2006-3596.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060712 Cisco Intrusion Prevention System Malformed Packet Denial of Service", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060712-ips.shtml" - }, - { - "name" : "18955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18955" - }, - { - "name" : "ADV-2006-2772", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2772" - }, - { - "name" : "27163", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27163" - }, - { - "name" : "1016474", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016474" - }, - { - "name" : "21029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21029" - }, - { - "name" : "cisco-ips-ip-packet-dos(27692)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016474", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016474" + }, + { + "name": "21029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21029" + }, + { + "name": "18955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18955" + }, + { + "name": "cisco-ips-ip-packet-dos(27692)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27692" + }, + { + "name": "ADV-2006-2772", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2772" + }, + { + "name": "20060712 Cisco Intrusion Prevention System Malformed Packet Denial of Service", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-ips.shtml" + }, + { + "name": "27163", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27163" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3993.json b/2006/3xxx/CVE-2006-3993.json index 0a1291a3d3f..804f2b5b860 100644 
--- a/2006/3xxx/CVE-2006-3993.json +++ b/2006/3xxx/CVE-2006-3993.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060801 TSEP 0.9.4.2 <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441828/100/0/threaded" - }, - { - "name" : "http://www.bb-pcsecurity.de/sicherheit_269.htm", - "refsource" : "MISC", - "url" : "http://www.bb-pcsecurity.de/sicherheit_269.htm" - }, - { - "name" : "2098", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2098" - }, - { - "name" : "https://svn.sourceforge.net/svnroot/tsep/tsep-svn/trunk/delivery/include/copyright.php", - "refsource" : "MISC", - "url" : "https://svn.sourceforge.net/svnroot/tsep/tsep-svn/trunk/delivery/include/copyright.php" - }, - { - "name" : "19268", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/19268" - }, - { - "name" : "ADV-2006-3095", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3095" - }, - { - "name" : "1016626", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016626" - }, - { - "name" : "21291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21291" - }, - { - "name" : "1323", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1323" - }, - { - "name" : "tsep-copyright-file-include(28107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tsep-copyright-file-include(28107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28107" + }, + { + "name": "http://www.bb-pcsecurity.de/sicherheit_269.htm", + "refsource": "MISC", + "url": "http://www.bb-pcsecurity.de/sicherheit_269.htm" + }, + { + "name": "https://svn.sourceforge.net/svnroot/tsep/tsep-svn/trunk/delivery/include/copyright.php", + "refsource": "MISC", + "url": "https://svn.sourceforge.net/svnroot/tsep/tsep-svn/trunk/delivery/include/copyright.php" + }, + { + "name": "21291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21291" + }, + { + "name": "ADV-2006-3095", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3095" + }, + { + "name": "1016626", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016626" + }, + { + "name": "2098", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2098" + }, + { + "name": "19268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19268" + }, + { + "name": "1323", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1323" + }, + { + "name": "20060801 TSEP 0.9.4.2 <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441828/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6019.json b/2006/6xxx/CVE-2006-6019.json index abc5c1bb967..765995f5e04 100644 --- a/2006/6xxx/CVE-2006-6019.json +++ b/2006/6xxx/CVE-2006-6019.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061116 Bloo => 1.00 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451777/100/0/threaded" - }, - { - "name" : "http://www.xmors.com/forum/index.php?topic=1175.msg5782;topicsen", - "refsource" : "MISC", - "url" : "http://www.xmors.com/forum/index.php?topic=1175.msg5782;topicsen" - }, - { - "name" : "21130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21130" - }, - { - "name" : "bloo-googlespell-xss(30326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xmors.com/forum/index.php?topic=1175.msg5782;topicsen", + "refsource": "MISC", + "url": "http://www.xmors.com/forum/index.php?topic=1175.msg5782;topicsen" + }, + { + "name": "20061116 Bloo => 1.00 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451777/100/0/threaded" + }, + { + "name": "bloo-googlespell-xss(30326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30326" + }, + { + "name": "21130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21130" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6337.json b/2006/6xxx/CVE-2006-6337.json index 7213f66dc20..e53d6723479 100644 --- a/2006/6xxx/CVE-2006-6337.json +++ b/2006/6xxx/CVE-2006-6337.json 
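Review bot: The new side of CVE-2006-6019.json ends at `}` followed by `\ No newline at end of file`, while the removed `}` line was newline-terminated, so this reformat drops the file's trailing newline. The same marker follows the rewritten CVE-2006-3993, CVE-2006-6337, CVE-2006-6758, CVE-2006-7031, CVE-2011-0324, CVE-2011-0381, CVE-2011-0740, CVE-2011-0777, CVE-2011-1100, CVE-2011-1364 and CVE-2011-1790 records in this part of the patch. I would keep a newline after the closing `}` in each file. That avoids a spurious last-line change the next time a tool rewrites these records, and stops line-oriented tools from joining the final line to whatever is concatenated after it.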
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061201 Aspee Ziyaret&ccedil;i Defteri (tr) Sql injection Vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453234/100/0/threaded" - }, - { - "name" : "20061216 Doğantepe Ziyaretçi Defteri (tr) Sql Injection Vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454589/100/0/threaded" - }, - { - "name" : "21398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21398" - }, - { - "name" : "21627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21627" - }, - { - "name" : "ADV-2006-4825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4825" - }, - { - "name" : "23291", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/23291" - }, - { - "name" : "antepe-giris-sql-injection(30919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21627" + }, + { + "name": "23291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23291" + }, + { + "name": "ADV-2006-4825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4825" + }, + { + "name": "20061216 Doğantepe Ziyaretçi Defteri (tr) Sql Injection Vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454589/100/0/threaded" + }, + { + "name": "antepe-giris-sql-injection(30919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30919" + }, + { + "name": "20061201 Aspee Ziyaret&ccedil;i Defteri (tr) Sql injection Vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453234/100/0/threaded" + }, + { + "name": "21398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21398" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6758.json b/2006/6xxx/CVE-2006-6758.json index 786e13cdc4d..b64c5767a7a 100644 --- a/2006/6xxx/CVE-2006-6758.json +++ b/2006/6xxx/CVE-2006-6758.json 
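Review bot: The BUGTRAQ reference name `20061201 Aspee Ziyaret&ccedil;i Defteri (tr) Sql injection Vuln.` is carried over to the new side with an HTML entity in it, while the neighbouring entry `20061216 Doğantepe Ziyaretçi Defteri (tr) Sql Injection Vuln.` stores the same letter as a literal character. A JSON string should hold the plain text and leave HTML escaping to whatever renders it. As written, a consumer that escapes on output displays `&ccedil;` verbatim, and one that does not escape is treating a feed field as markup. Since the hunk rewrites this line anyway, I would store it as `"name": "20061201 Aspee Ziyaretçi Defteri (tr) Sql injection Vuln.",`.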
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2974", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2974" - }, - { - "name" : "21712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21712" - }, - { - "name" : "ADV-2006-5128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5128" - }, - { - "name" : "1017432", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5128" + }, + { + "name": "2974", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2974" + }, + { + "name": "1017432", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017432" + }, + { + "name": "21712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21712" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7031.json b/2006/7xxx/CVE-2006-7031.json index dbd96e74ddc..f6e17928a52 100644 --- a/2006/7xxx/CVE-2006-7031.json +++ b/2006/7xxx/CVE-2006-7031.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an \"unhandled exception\" in mshtml.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1775", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1775" - }, - { - "name" : "17932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an \"unhandled exception\" in mshtml.dll." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1775", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1775" + }, + { + "name": "17932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17932" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0324.json b/2011/0xxx/CVE-2011-0324.json index 8803aaba3ae..705c1d11bbb 100644 --- a/2011/0xxx/CVE-2011-0324.json +++ b/2011/0xxx/CVE-2011-0324.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allow remote attackers to execute arbitrary code via a long (1) KeyString property, (2) NewPath parameter to the SetLocalIniFilePath method, or (3) NewPortPath parameter to the SetTabletPortPath method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-0324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2011-2/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2011-2/" - }, - { - "name" : "46128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46128" - }, - { - "name" : "42800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42800" - }, - { - "name" : "sigplus-keystring-bo(65114)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65114" - }, - { - "name" : "sigplus-newpath-bo(65115)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/65115" - }, - { - "name" : "sigplus-newportpath-bo(65116)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allow remote attackers to execute arbitrary code via a long (1) KeyString property, (2) NewPath parameter to the SetLocalIniFilePath method, or (3) NewPortPath parameter to the SetTabletPortPath method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2011-2/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2011-2/" + }, + { + "name": "sigplus-keystring-bo(65114)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65114" + }, + { + "name": "42800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42800" + }, + { + "name": "46128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46128" + }, + { + "name": "sigplus-newpath-bo(65115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65115" + }, + { + "name": "sigplus-newportpath-bo(65116)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65116" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0381.json b/2011/0xxx/CVE-2011-0381.json index 61a5d7c3b35..8d0a105bd02 100644 --- a/2011/0xxx/CVE-2011-0381.json +++ b/2011/0xxx/CVE-2011-0381.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a \"command injection vulnerability,\" aka Bug ID CSCtf97085." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Manager", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14f.shtml" - }, - { - "name" : "46526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46526" - }, - { - "name" : "1025111", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025111" - }, - { - "name" : "telepresence-manager-rmi-command-exec(65619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a \"command injection vulnerability,\" aka Bug ID CSCtf97085." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46526" + }, + { + "name": "1025111", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025111" + }, + { + "name": "telepresence-manager-rmi-command-exec(65619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65619" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Manager", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0740.json b/2011/0xxx/CVE-2011-0740.json index 60b1c6a02a5..3c1613805ce 100644 --- a/2011/0xxx/CVE-2011-0740.json +++ b/2011/0xxx/CVE-2011-0740.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.autosectools.com/Advisories/WordPress.RSS.Feed.Reader.for.WordPress.0.1_Reflected.Cross-site.Scripting_82.html", - "refsource" : "MISC", - "url" : "http://www.autosectools.com/Advisories/WordPress.RSS.Feed.Reader.for.WordPress.0.1_Reflected.Cross-site.Scripting_82.html" - }, - { - "name" : "45997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45997" - }, - { - "name" : "70644", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70644" - }, - { - "name" : "43071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43071" - }, - { - "name" : "rssfeedreader-slashbox-xss(64949)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/64949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rssfeedreader-slashbox-xss(64949)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64949" + }, + { + "name": "45997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45997" + }, + { + "name": "http://www.autosectools.com/Advisories/WordPress.RSS.Feed.Reader.for.WordPress.0.1_Reflected.Cross-site.Scripting_82.html", + "refsource": "MISC", + "url": "http://www.autosectools.com/Advisories/WordPress.RSS.Feed.Reader.for.WordPress.0.1_Reflected.Cross-site.Scripting_82.html" + }, + { + "name": "70644", + "refsource": "OSVDB", + "url": "http://osvdb.org/70644" + }, + { + "name": "43071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43071" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0777.json b/2011/0xxx/CVE-2011-0777.json index 2f9147a751e..fd1dcfda2c2 100644 --- a/2011/0xxx/CVE-2011-0777.json +++ b/2011/0xxx/CVE-2011-0777.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=55831", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=55831" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html" - }, - { - "name" : "DSA-2166", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2166" - }, - { - "name" : "oval:org.mitre.oval:def:14514", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14514" - }, - { - "name" : "43368", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/43368" - }, - { - "name" : "ADV-2011-0408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43368" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=55831", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=55831" + }, + { + "name": "DSA-2166", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2166" + }, + { + "name": "ADV-2011-0408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0408" + }, + { + "name": "oval:org.mitre.oval:def:14514", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14514" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1100.json b/2011/1xxx/CVE-2011-1100.json index df6fca6508f..4c05d53e147 100644 --- a/2011/1xxx/CVE-2011-1100.json +++ b/2011/1xxx/CVE-2011-1100.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16160", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16160" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php" - }, - { - "name" : "pixelpost-index-multiple-sql-injection(65474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/index.php in 
Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16160", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16160" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php" + }, + { + "name": "pixelpost-index-multiple-sql-injection(65474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65474" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1364.json b/2011/1xxx/CVE-2011-1364.json index db3925a928f..b5a3a7e0c27 100644 --- a/2011/1xxx/CVE-2011-1364.json +++ b/2011/1xxx/CVE-2011-1364.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.watchfire.com/files/googleappenginesdk.pdf", - "refsource" : "MISC", - "url" : "http://blog.watchfire.com/files/googleappenginesdk.pdf" - }, - { - "name" : "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", - "refsource" : "MISC", - "url" : "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes" - }, - { - "name" : "50075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50075" - }, - { - "name" : "google-app-engine-csrf(69958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69958" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", + "refsource": "MISC", + "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes" + }, + { + "name": "google-app-engine-csrf(69958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69958" + }, + { + "name": "50075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50075" + }, + { + "name": "http://blog.watchfire.com/files/googleappenginesdk.pdf", + "refsource": "MISC", + "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1790.json b/2011/1xxx/CVE-2011-1790.json index bfa03346ac6..6dda43e535b 100644 --- a/2011/1xxx/CVE-2011-1790.json +++ b/2011/1xxx/CVE-2011-1790.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1790", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1790", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3195.json b/2011/3xxx/CVE-2011-3195.json index bf73df932c3..933360a44fa 100644 --- a/2011/3xxx/CVE-2011-3195.json +++ b/2011/3xxx/CVE-2011-3195.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/13/1" - }, - { - "name" : "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/24/10" - }, - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477", 
- "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477" - }, - { - "name" : "DSA-2365", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1" + }, + { + "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477" + }, + { + "name": "DSA-2365", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2365" + }, + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3248.json b/2011/3xxx/CVE-2011-3248.json index 9de501a634d..cffabadb092 100644 --- a/2011/3xxx/CVE-2011-3248.json +++ b/2011/3xxx/CVE-2011-3248.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5016", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5016" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "oval:org.mitre.oval:def:16012", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5016", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5016" + }, + { + "name": "oval:org.mitre.oval:def:16012", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16012" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3523.json b/2011/3xxx/CVE-2011-3523.json index 3c5dbfaf900..27e4e6e9c67 100644 --- a/2011/3xxx/CVE-2011-3523.json +++ b/2011/3xxx/CVE-2011-3523.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console, a different vulnerability than CVE-2011-2237." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50209" - }, - { - "name" : "76490", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76490" - }, - { - "name" : "ofm-wsmgr-wsmc-unspecified(70798)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console, a different vulnerability than CVE-2011-2237." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76490", + "refsource": "OSVDB", + "url": "http://osvdb.org/76490" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "50209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50209" + }, + { + "name": "ofm-wsmgr-wsmc-unspecified(70798)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70798" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4148.json b/2011/4xxx/CVE-2011-4148.json index 13b55036f28..43e94c886b0 100644 --- a/2011/4xxx/CVE-2011-4148.json +++ b/2011/4xxx/CVE-2011-4148.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4148", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4148", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4414.json b/2011/4xxx/CVE-2011-4414.json index 7005adbf125..f112470c608 100644 --- a/2011/4xxx/CVE-2011-4414.json +++ b/2011/4xxx/CVE-2011-4414.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4414", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4414", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4999.json b/2011/4xxx/CVE-2011-4999.json index 9c8c3192e6b..8abed13c12f 100644 --- a/2011/4xxx/CVE-2011-4999.json +++ b/2011/4xxx/CVE-2011-4999.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4999", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4999", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5057.json b/2013/5xxx/CVE-2013-5057.json index 1be24f803b0..90cca5b122a 100644 --- a/2013/5xxx/CVE-2013-5057.json +++ b/2013/5xxx/CVE-2013-5057.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka \"HXDS ASLR Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-5057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2013/12/09/ms13-106-another-aslr-bypass-is-gone.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2013/12/09/ms13-106-another-aslr-bypass-is-gone.aspx" - }, - { - "name" : "MS13-106", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hxds.dll in Microsoft Office 2007 SP3 
and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka \"HXDS ASLR Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-106", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-106" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2013/12/09/ms13-106-another-aslr-bypass-is-gone.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2013/12/09/ms13-106-another-aslr-bypass-is-gone.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5961.json b/2013/5xxx/CVE-2013-5961.json index aa94c9bf069..c7b4a95465c 100644 --- a/2013/5xxx/CVE-2013-5961.json +++ b/2013/5xxx/CVE-2013-5961.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28452", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28452" - }, - { - "name" : "http://packetstormsecurity.com/files/123349", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123349" - }, - { - "name" : "97662", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97662" - }, - { - "name" : "wp-lazyseo-lazyseo-file-upload(87384)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload 
vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wp-lazyseo-lazyseo-file-upload(87384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87384" + }, + { + "name": "http://packetstormsecurity.com/files/123349", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123349" + }, + { + "name": "28452", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28452" + }, + { + "name": "97662", + "refsource": "OSVDB", + "url": "http://osvdb.org/97662" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2022.json b/2014/2xxx/CVE-2014-2022.json index b7f3e8416ea..9ff52041d87 100644 --- a/2014/2xxx/CVE-2014-2022.json +++ b/2014/2xxx/CVE-2014-2022.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141013 CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/56" - }, - { - "name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022", - "refsource" : "MISC", - "url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022" - }, - { - "name" : "http://packetstormsecurity.com/files/128696/vBulletin-4.x-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128696/vBulletin-4.x-SQL-Injection.html" - }, - { - "name" : "70417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70417" - }, - { 
- "name" : "1031001", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031001", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031001" + }, + { + "name": "70417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70417" + }, + { + "name": "http://packetstormsecurity.com/files/128696/vBulletin-4.x-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128696/vBulletin-4.x-SQL-Injection.html" + }, + { + "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022", + "refsource": "MISC", + "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022" + }, + { + "name": "20141013 CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/56" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6093.json b/2014/6xxx/CVE-2014-6093.json index bc7c8828967..65640027f42 100644 --- a/2014/6xxx/CVE-2014-6093.json +++ b/2014/6xxx/CVE-2014-6093.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689849", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689849" - }, - { - "name" : "PI24678", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678" - }, - { - "name" : "1031359", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031359" - }, - { - "name" : "59752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59752" - }, - { - "name" : "60912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60912" - }, - { - "name" : "ibm-wsportal-cve20146093-xss(95921)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689849", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689849" + }, + { + "name": "1031359", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031359" + }, + { + "name": "59752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59752" + }, + { + "name": "ibm-wsportal-cve20146093-xss(95921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95921" + }, + { + "name": "60912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60912" + }, + { + "name": "PI24678", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6386.json b/2014/6xxx/CVE-2014-6386.json index 8eba2ac29a9..8e6fe17a7df 100644 --- a/2014/6xxx/CVE-2014-6386.json +++ b/2014/6xxx/CVE-2014-6386.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10670", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10670" - }, - { - "name" : "72067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72067" - }, - { - "name" : "1031548", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10670", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10670" + }, + { + "name": "72067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72067" + }, + { + "name": "1031548", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031548" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6535.json b/2014/6xxx/CVE-2014-6535.json index d5bf9b4c15b..3638a77ab91 100644 --- a/2014/6xxx/CVE-2014-6535.json +++ b/2014/6xxx/CVE-2014-6535.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via vectors related to SECURITY." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70562" - }, - { - "name" : "1031044", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031044" - }, - { - "name" : "61701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via vectors related to SECURITY." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031044", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031044" + }, + { + "name": "61701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61701" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70562" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7074.json b/2014/7xxx/CVE-2014-7074.json index 612d988d8d0..d7be12f6fbd 100644 --- a/2014/7xxx/CVE-2014-7074.json +++ b/2014/7xxx/CVE-2014-7074.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7074", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7074", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7352.json b/2014/7xxx/CVE-2014-7352.json index 0a1231a0cb4..33ed2f0fa23 100644 --- a/2014/7xxx/CVE-2014-7352.json +++ b/2014/7xxx/CVE-2014-7352.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#444337", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/444337" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The India's Anthem (aka 
appinventor.ai_opalfoxy83.India_Anthem) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#444337", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/444337" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7829.json b/2014/7xxx/CVE-2014-7829.json index 6f64d875973..88deea928eb 100644 --- a/2014/7xxx/CVE-2014-7829.json +++ b/2014/7xxx/CVE-2014-7829.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \\ (backslash) character, a similar issue to CVE-2014-7818." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rubyonrails-security] 20141117 [CVE-2014-7829] Arbitrary file existence disclosure in Action Pack", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ" - }, - { - "name" : "https://puppet.com/security/cve/cve-2014-7829", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2014-7829" - }, - { - "name" : "openSUSE-SU-2014:1515", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" - }, - { - "name" : "71183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \\ (backslash) character, a similar issue to CVE-2014-7818." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/cve-2014-7829", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2014-7829" + }, + { + "name": "openSUSE-SU-2014:1515", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" + }, + { + "name": "71183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71183" + }, + { + "name": "[rubyonrails-security] 20141117 [CVE-2014-7829] Arbitrary file existence disclosure in Action Pack", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0081.json b/2017/0xxx/CVE-2017-0081.json index d5a16e7a92c..f8a53112b92 100644 --- a/2017/0xxx/CVE-2017-0081.json +++ b/2017/0xxx/CVE-2017-0081.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Win32k", - "version" : { - "version_data" : [ - { - "version_value" : "The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Win32k", + "version": { + "version_data": [ + { + "version_value": "The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081" - }, - { - "name" : "96634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96634" - }, - { - "name" : "1038017", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081" + }, + { + "name": "96634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96634" + }, + { + "name": "1038017", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038017" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0082.json b/2017/0xxx/CVE-2017-0082.json index 1957b205e8b..7eaef9d4d65 100644 --- a/2017/0xxx/CVE-2017-0082.json +++ b/2017/0xxx/CVE-2017-0082.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Win32k", - "version" : { - "version_data" : [ - { - "version_value" : "The kernel-mode drivers in Microsoft Windows 10 Gold and 1511" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, and CVE-2017-0081." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Win32k", + "version": { + "version_data": [ + { + "version_value": "The kernel-mode drivers in Microsoft Windows 10 Gold and 1511" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082" - }, - { - "name" : "96635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96635" - }, - { - "name" : "1038017", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1038017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, and CVE-2017-0081." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96635" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082" + }, + { + "name": "1038017", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038017" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0298.json b/2017/0xxx/CVE-2017-0298.json index 839fe111458..ab584bff956 100644 --- a/2017/0xxx/CVE-2017-0298.json +++ b/2017/0xxx/CVE-2017-0298.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows COM", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka \"Windows COM Session Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows COM", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0298", - 
"refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0298" - }, - { - "name" : "98841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka \"Windows COM Session Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0298", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0298" + }, + { + "name": "98841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98841" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0894.json b/2017/0xxx/CVE-2017-0894.json index c8723765968..05f9b0af83d 100644 --- a/2017/0xxx/CVE-2017-0894.json +++ b/2017/0xxx/CVE-2017-0894.json 
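Review bot: In CVE-2017-0298.json the `version_value` under `affects` begins at `Windows Server 2008 R2 SP1`, while the `description` a few lines below lists `Windows Server 2008 SP2 and R2 SP1`, so the structured field omits a platform the prose names. The reformatting carries that mismatch over unchanged. Tooling that matches assets against `affects` rather than the free text would miss Server 2008 SP2 hosts if the description is the accurate one. Confirm against the vendor advisory referenced in the record and, if it agrees with the description, change the start of `version_value` to `Microsoft Windows Server 2008 SP2 and R2 SP1`.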
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "before 11.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through Directory Listing (CWE-285)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "before 11.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/218876", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/218876" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-011", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars 
due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Through Directory Listing (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-011", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-011" + }, + { + "name": "https://hackerone.com/reports/218876", + "refsource": "MISC", + "url": "https://hackerone.com/reports/218876" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000036.json b/2017/1000xxx/CVE-2017-1000036.json index 4c85fcc6ab6..c84d901a167 100644 --- a/2017/1000xxx/CVE-2017-1000036.json +++ b/2017/1000xxx/CVE-2017-1000036.json @@ -1,21 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.285200", - "ID" : "CVE-2017-1000036", - "REQUESTER" : "ben@langfeld.me", - "STATE" : "REJECT", - "STATE_DETAIL" : "BAD_REF_URL" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000036", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." + } + ] + } +} \ No newline at end of file 
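Review bot: In CVE-2017-0894.json the `problemtype` value `Information Exposure Through Directory Listing (CWE-285)` pairs a weakness name with an identifier that does not belong to it: CWE-285 is Improper Authorization, and the directory-listing weakness is CWE-548. The sync keeps the string as it was. Consumers that extract the CWE number for triage or metrics will classify the record differently from readers who go by the name. The description (share tokens disclosed through a logic error) reads closer to an authorization flaw, so `"value": "Improper Authorization (CWE-285)"` looks like the likelier intent, but that should be confirmed with the assigning CNA.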
diff --git a/2017/1000xxx/CVE-2017-1000096.json b/2017/1000xxx/CVE-2017-1000096.json index 9f6b27478a9..bd2f0ede694 100644 --- a/2017/1000xxx/CVE-2017-1000096.json +++ b/2017/1000xxx/CVE-2017-1000096.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.314419", - "ID" : "CVE-2017-1000096", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Pipeline: Groovy Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.36 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Pipeline: Groovy Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incomplete sandboxxing" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.314419", + "ID": "CVE-2017-1000096", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-07-10/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-07-10/" - }, - { - "name" : "99571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99571" + }, + { + "name": "https://jenkins.io/security/advisory/2017-07-10/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-07-10/" + } + ] + } +} \ No newline at end of file 
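Review bot: The new side of CVE-2017-1000096.json replaces the structured `affects` data (`"product_name": "Jenkins Pipeline: Groovy Plugin"`, `"version_value": "2.36 and earlier"`, the matching `vendor_name`) and the `problemtype` text with `n/a`, and the description does not state a version, so the affected range no longer appears anywhere in the record. The CVE-2017-1000142.json hunk that follows does the same to the Mahara product, its version list and `Incorrect Access Control`, although there the description still carries the versions. Scanners and inventory tools that match on `affects` would stop flagging these products after the sync. If the overwrite is not intended, keep the original values on the new side; both hunks also switch `ASSIGNER` to `cve@mitre.org`, which is worth confirming at the same time.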
diff --git a/2017/1000xxx/CVE-2017-1000142.json b/2017/1000xxx/CVE-2017-1000142.json index b3587336483..46d040b13ba 100644 --- a/2017/1000xxx/CVE-2017-1000142.json +++ b/2017/1000xxx/CVE-2017-1000142.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.353953", - "ID" : "CVE-2017-1000142", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<1.8.7, <1.9.5, <1.10.3, <15.04.0" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.353953", + "ID": "CVE-2017-1000142", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1425306", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1425306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL 
manipulation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1425306", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1425306" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18193.json b/2017/18xxx/CVE-2017-18193.json index 3cc8a881fef..a8d723153b1 100644 --- a/2017/18xxx/CVE-2017-18193.json +++ b/2017/18xxx/CVE-2017-18193.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0" - }, - { - "name" : "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0" - }, - { - "name" : "DSA-4188", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4188" - }, - { - "name" : "USN-3654-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3654-1/" - }, - { - "name" : "USN-3654-2", 
- "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3654-2/" - }, - { - "name" : "USN-3656-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3656-1/" - }, - { - "name" : "103147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0" + }, + { + "name": "USN-3654-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3654-1/" + }, + { + "name": "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0" + }, + { + "name": "DSA-4188", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4188" + }, + { + "name": "103147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103147" + }, + { + "name": "USN-3654-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3654-2/" + }, + { + "name": "USN-3656-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3656-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1285.json b/2017/1xxx/CVE-2017-1285.json index 5b0468db789..fdb7c1b9f2f 100644 
--- a/2017/1xxx/CVE-2017-1285.json +++ b/2017/1xxx/CVE-2017-1285.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-10T00:00:00", - "ID" : "CVE-2017-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MQ", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1" - }, - { - "version_value" : "9.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-10T00:00:00", + "ID": "CVE-2017-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MQ", + "version": { + "version_data": [ + { + "version_value": "9.0.1" + }, + { + "version_value": "9.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146" - }, - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22003856", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22003856" - }, - { - "name" : "99538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125146" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22003856", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22003856" + }, + { + "name": "99538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99538" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1314.json b/2017/1xxx/CVE-2017-1314.json index 428d4306bb8..0e62a3c09bf 100644 --- a/2017/1xxx/CVE-2017-1314.json +++ b/2017/1xxx/CVE-2017-1314.json 
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171314-xss(125725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + }, + { + "name": "ibm-rqm-cve20171314-xss(125725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1330.json b/2017/1xxx/CVE-2017-1330.json index d43a706ae7e..ac3e5072197 100644 --- a/2017/1xxx/CVE-2017-1330.json +++ b/2017/1xxx/CVE-2017-1330.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1330", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1330", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1514.json b/2017/1xxx/CVE-2017-1514.json index 486c3ba18de..4f12d7f7dba 100644 --- a/2017/1xxx/CVE-2017-1514.json +++ b/2017/1xxx/CVE-2017-1514.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1514", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1514", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1517.json b/2017/1xxx/CVE-2017-1517.json index 7d948b95cd0..8c7a2bb2e38 100644 --- a/2017/1xxx/CVE-2017-1517.json +++ b/2017/1xxx/CVE-2017-1517.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1517", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1988.json b/2017/1xxx/CVE-2017-1988.json index 7a05e1d52c4..9e30a38295f 100644 --- a/2017/1xxx/CVE-2017-1988.json +++ b/2017/1xxx/CVE-2017-1988.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1988", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1988", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5091.json b/2017/5xxx/CVE-2017-5091.json index 8d54afd669f..b227c4ac822 100644 --- a/2017/5xxx/CVE-2017-5091.json +++ b/2017/5xxx/CVE-2017-5091.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/728887", - "refsource" : "MISC", - "url" : "https://crbug.com/728887" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, 
- { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:1833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1833" - }, - { - "name" : "99950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/728887", + "refsource": "MISC", + "url": "https://crbug.com/728887" + }, + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" + }, + { + "name": "99950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99950" + }, + { + "name": "RHSA-2017:1833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1833" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5372.json b/2017/5xxx/CVE-2017-5372.json index a6beecb3371..49d8fe2b447 100644 --- a/2017/5xxx/CVE-2017-5372.json +++ b/2017/5xxx/CVE-2017-5372.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170119 [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jan/50" - }, - { - "name" : "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html" - }, - { - "name" : 
"https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/" - }, - { - "name" : "93504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/" + }, + { + "name": "20170119 [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Jan/50" + }, + { + "name": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html" + }, + { + "name": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/" + }, + { + "name": "93504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93504" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5809.json b/2017/5xxx/CVE-2017-5809.json index 9fa9454a38a..81c01a43e28 100644 --- a/2017/5xxx/CVE-2017-5809.json +++ b/2017/5xxx/CVE-2017-5809.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-02T00:00:00", - "ID" : "CVE-2017-5809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Data Protector", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 8.17 and 9.09" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Arbitrary Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-02T00:00:00", + "ID": "CVE-2017-5809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Protector", + "version": { + "version_data": [ + { + "version_value": "prior to 8.17 and 9.09" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf", - "refsource" : "MISC", - "url" : "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us" - }, - { - "name" : "100088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100088" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf", + "refsource": "MISC", + "url": "https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us" + }, + { + "name": "100088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100088" + } + ] + } +} \ No newline at end of file