diff --git a/2006/0xxx/CVE-2006-0599.json b/2006/0xxx/CVE-2006-0599.json index 1c7d3e59c0d..3958e397914 100644 --- a/2006/0xxx/CVE-2006-0599.json +++ b/2006/0xxx/CVE-2006-0599.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/0003-r1472-Do-not-distinguish-between-invalid-user-name-and-invalid-password.txt?bug=349528;msg=15;att=3", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/0003-r1472-Do-not-distinguish-between-invalid-user-name-and-invalid-password.txt?bug=349528;msg=15;att=3" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528" - }, - { - "name" : "DSA-967", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-967" - }, - { - "name" : "16579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16579" - }, - { - "name" : "18783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18783" - }, - { - "name" : "elog-elog-elogd-user-enumeration(24706)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16579" + }, + { + "name": "elog-elog-elogd-user-enumeration(24706)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24706" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528" + }, + { + "name": "18783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18783" + }, + { + "name": "DSA-967", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-967" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/0003-r1472-Do-not-distinguish-between-invalid-user-name-and-invalid-password.txt?bug=349528;msg=15;att=3", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/0003-r1472-Do-not-distinguish-between-invalid-user-name-and-invalid-password.txt?bug=349528;msg=15;att=3" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0602.json b/2006/0xxx/CVE-2006-0602.json index 565bbfccc80..1705112e6c4 100644 --- a/2006/0xxx/CVE-2006-0602.json +++ b/2006/0xxx/CVE-2006-0602.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060211 [eVuln] phphg Guestbook Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424740/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/58/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/58/summary.html" - }, - { - "name" : "16541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16541" - }, - { - "name" : "ADV-2006-0480", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0480" - }, - { - "name" : "1015620", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015620" - }, - { - "name" : "18758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0480", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0480" + }, + { + "name": "16541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16541" + }, + { + "name": "1015620", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015620" + }, + { + "name": "http://evuln.com/vulns/58/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/58/summary.html" + }, + { + "name": "18758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18758" + }, + { + "name": "20060211 [eVuln] phphg Guestbook Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424740/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3354.json b/2006/3xxx/CVE-2006-3354.json index 77acfa145c1..d235f71a48a 100644 --- a/2006/3xxx/CVE-2006-3354.json +++ b/2006/3xxx/CVE-2006-3354.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html" - }, - { - "name" : "18773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18773" - }, - { - "name" : "26834", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26834" - }, - { - "name" : "ie-adodb-recordset-dos(27596)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html" + }, + { + "name": "ie-adodb-recordset-dos(27596)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596" + }, + { + "name": "18773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18773" + }, + { + "name": "26834", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26834" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3532.json b/2006/3xxx/CVE-2006-3532.json index 36a612b7dbc..396829763e5 100644 --- a/2006/3xxx/CVE-2006-3532.json +++ b/2006/3xxx/CVE-2006-3532.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439495/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/pivot_130RC2_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/pivot_130RC2_xpl.html" - }, - { - "name" : "18881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18881" - }, - { - "name" : "27512", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27512" - }, - { - "name" : "20962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20962" - }, - { - "name" : "1214", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1214" - }, - { - "name" : "pivot-editnew-file-include(27679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439495/100/0/threaded" + }, + { + "name": "http://retrogod.altervista.org/pivot_130RC2_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/pivot_130RC2_xpl.html" + }, + { + "name": "pivot-editnew-file-include(27679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27679" + }, + { + "name": "20962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20962" + }, + { + "name": "18881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18881" + }, + { + "name": "1214", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1214" + }, + { + "name": "27512", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27512" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4030.json b/2006/4xxx/CVE-2006-4030.json index ce8bd483c54..cf92f216f83 100644 --- a/2006/4xxx/CVE-2006-4030.json +++ b/2006/4xxx/CVE-2006-4030.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to \"two file exposure bugs.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285" - }, - { - "name" : "DSA-1148", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1148" - }, - { - "name" : "19453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19453" - }, - { - "name" : "ADV-2006-3250", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3250" - }, - { - "name" : "16594", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16594" - }, - { - "name" : "21502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to \"two file exposure bugs.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19453" + }, + { + "name": "21502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21502" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285" + }, + { + "name": "ADV-2006-3250", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3250" + }, + { + "name": "DSA-1148", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1148" + }, + { + "name": "16594", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16594" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4048.json b/2006/4xxx/CVE-2006-4048.json index 987cf99ecd2..935f57fbf6d 100644 --- a/2006/4xxx/CVE-2006-4048.json +++ b/2006/4xxx/CVE-2006-4048.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19421" - }, - { - "name" : "ADV-2006-3167", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3167" - }, - { - "name" : "27789", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27789" - }, - { - "name" : "21347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21347" - }, - { - "name" : "netiouscms-sessionmgmt-session-hijacking(28264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21347" + }, + { + "name": "19421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19421" + }, + { + "name": "ADV-2006-3167", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3167" + }, + { + "name": "27789", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27789" + }, + { + "name": "netiouscms-sessionmgmt-session-hijacking(28264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28264" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4392.json b/2006/4xxx/CVE-2006-4392.json index a2cc2a50d3c..edc7ef6a213 100644 --- a/2006/4xxx/CVE-2006-4392.json +++ b/2006/4xxx/CVE-2006-4392.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060929 Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447396/100/0/threaded" - }, - { - "name" : "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/", - "refsource" : "MISC", - "url" : "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/" - }, - { - "name" : "APPLE-SA-2006-09-29", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" - }, - { - "name" : "TA06-275A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-275A.html" - }, - { - "name" : "VU#838404", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/838404" - }, - { - "name" : "20271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20271" - }, - { - "name" : "ADV-2006-3852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3852" - }, - { - "name" : "29269", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29269" - }, - { - "name" : "1016954", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016954" - }, - { - "name" : "22187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22187" - }, - { - "name" : "1663", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1663" - }, - { - "name" : "macos-kernel-code-execution(29281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20271" + }, + { + "name": "1016954", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016954" + }, + { + "name": "22187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22187" + }, + { + "name": "ADV-2006-3852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3852" + }, + { + "name": "APPLE-SA-2006-09-29", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" + }, + { + "name": "20060929 Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded" + }, + { + "name": "VU#838404", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/838404" + }, + { + "name": "29269", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29269" + }, + { + "name": "TA06-275A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html" + }, + { + "name": "1663", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1663" + }, + { + "name": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/", + "refsource": "MISC", + "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/" + }, + { + "name": "macos-kernel-code-execution(29281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4441.json b/2006/4xxx/CVE-2006-4441.json index 01c61883c84..4277736fc59 100644 --- a/2006/4xxx/CVE-2006-4441.json +++ b/2006/4xxx/CVE-2006-4441.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3394", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3394" - }, - { - "name" : "28246", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28246" - }, - { - "name" : "28247", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28247" - }, - { - "name" : "21661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21661" + }, + { + "name": "ADV-2006-3394", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3394" + }, + { + "name": "28246", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28246" + }, + { + "name": "28247", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28247" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6039.json b/2006/6xxx/CVE-2006-6039.json index 4d879042df3..38a4013d36b 100644 --- a/2006/6xxx/CVE-2006-6039.json +++ b/2006/6xxx/CVE-2006-6039.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2798", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2798" - }, - { - "name" : "21145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21145" - }, - { - "name" : "ADV-2006-4611", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4611" - }, - { - "name" : "22966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22966" - }, - { - "name" : "powies-matchdetail-sql-injection(30360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "powies-matchdetail-sql-injection(30360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30360" + }, + { + "name": "ADV-2006-4611", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4611" + }, + { + "name": "22966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22966" + }, + { + "name": "21145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21145" + }, + { + "name": "2798", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2798" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6160.json b/2006/6xxx/CVE-2006-6160.json index b523406151b..c7725c3b287 100644 --- a/2006/6xxx/CVE-2006-6160.json +++ b/2006/6xxx/CVE-2006-6160.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2846", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2846" - }, - { - "name" : "21292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21292" - }, - { - "name" : "ADV-2006-4704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4704" - }, - { - "name" : "liberum-details-sql-injection(30485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21292" + }, + { + "name": "liberum-details-sql-injection(30485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30485" + }, + { + "name": "ADV-2006-4704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4704" + }, + { + "name": "2846", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2846" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6454.json b/2006/6xxx/CVE-2006-6454.json index 209e79060b6..71f1398df89 100644 --- a/2006/6xxx/CVE-2006-6454.json +++ b/2006/6xxx/CVE-2006-6454.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-4905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4905" - }, - { - "name" : "jowamp-execinbackground-command-execution(30781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jowamp-execinbackground-command-execution(30781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30781" + }, + { + "name": "ADV-2006-4905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4905" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6736.json b/2006/6xxx/CVE-2006-6736.json index c88475df6b0..66082874663 100644 --- a/2006/6xxx/CVE-2006-6736.json +++ b/2006/6xxx/CVE-2006-6736.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to \"access data in other applets,\" aka \"The second issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307177", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=307177" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" - }, - { - "name" : "APPLE-SA-2007-12-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" - }, - { - "name" : "GLSA-200701-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-15.xml" - }, - { - "name" : "GLSA-200702-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200702-08.xml" - }, - { - "name" : "GLSA-200705-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml" - }, - { - "name" : "RHSA-2007:0062", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0062.html" - }, - { - "name" : "RHSA-2007:0072", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0072.html" - }, - { - "name" : "RHSA-2007:0073", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0073.html" - }, - { - "name" : "102732", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1" - }, - { - "name" : "SUSE-SA:2007:003", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html" - }, - { - "name" : "SUSE-SA:2007:010", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" - }, - { - "name" : "SUSE-SA:2007:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_45_java.html" - }, - { - "name" : "21674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21674" - }, - { - "name" : "oval:org.mitre.oval:def:9729", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9729" - }, - { - "name" : "ADV-2006-5075", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5075" - }, - { - "name" : "ADV-2007-4224", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4224" - }, - { - "name" : "1017427", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017427" - }, - { - "name" : "23398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23398" - }, - { - "name" : "23650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23650" - }, - { - "name" : "23835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23835" - }, - { - "name" : "24099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24099" - }, - { - "name" : "24189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24189" - }, - { - "name" : "25404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25404" - }, - { - "name" : "26049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26049" - }, - { - "name" : "26119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26119" - }, - { - "name" : "28115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to \"access data in other applets,\" aka \"The second issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=307177", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=307177" + }, + { + "name": "26049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26049" + }, + { + "name": "RHSA-2007:0062", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0062.html" + }, + { + "name": "24099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24099" + }, + { + "name": "25404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25404" + }, + { + "name": "1017427", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017427" + }, + { + "name": "24189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24189" + }, + { + "name": "ADV-2006-5075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5075" + }, + { + "name": "SUSE-SA:2007:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" + }, + { + "name": "APPLE-SA-2007-12-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" + }, + { + "name": "SUSE-SA:2007:003", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html" + }, + { + "name": "oval:org.mitre.oval:def:9729", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9729" + }, + { + "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" + }, + { + "name": "SUSE-SA:2007:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" + }, + { + "name": "26119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26119" + }, + { + "name": "RHSA-2007:0072", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0072.html" + }, + { + "name": "21674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21674" + }, + { + "name": "ADV-2007-4224", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4224" + }, + { + "name": "23650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23650" + }, + { + "name": "23835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23835" + }, + { + "name": "RHSA-2007:0073", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0073.html" + }, + { + "name": "GLSA-200705-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml" + }, + { + "name": "28115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28115" + }, + { + "name": "GLSA-200702-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml" + }, + { + "name": "23398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23398" + }, + { + "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" + }, + { + "name": "102732", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1" + }, + { + "name": "GLSA-200701-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-15.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7183.json b/2006/7xxx/CVE-2006-7183.json index 0c01d87bf63..0cd2b72aba1 100644 --- a/2006/7xxx/CVE-2006-7183.json +++ b/2006/7xxx/CVE-2006-7183.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2850", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2850" - }, - { - "name" : "21313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21313" - }, - { - "name" : "exhibitengine-styles-file-include(30516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21313" + }, + { + "name": "exhibitengine-styles-file-include(30516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30516" + }, + { + "name": "2850", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2850" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2002.json b/2010/2xxx/CVE-2010-2002.json index ac8c550e63b..1ceb5b48b2d 100644 --- a/2010/2xxx/CVE-2010-2002.json +++ b/2010/2xxx/CVE-2010-2002.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with \"administer words filtered\" privileges, to inject arbitrary web script or HTML via the word list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/796618", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/796618" - }, - { - "name" : "http://drupal.org/node/796620", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/796620" - }, - { - "name" : "http://drupal.org/node/797208", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/797208" - }, - { - "name" : "40119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40119" - }, - { - "name" : "39811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with \"administer words filtered\" privileges, to inject arbitrary web script or HTML via the word list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/796618", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/796618" + }, + { + "name": "http://drupal.org/node/797208", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/797208" + }, + { + "name": "http://drupal.org/node/796620", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/796620" + }, + { + "name": "39811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39811" + }, + { + "name": "40119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40119" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2368.json b/2010/2xxx/CVE-2010-2368.json index 513033ad066..977fd4d4972 100644 --- a/2010/2xxx/CVE-2010-2368.json +++ b/2010/2xxx/CVE-2010-2368.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/about/press/20101012.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/about/press/20101012.html" - }, - { - "name" : "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html", - "refsource" : "CONFIRM", - "url" : "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html" - }, - { - "name" : "JVN#82752978", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN82752978/index.html" - }, - { - "name" : "JVNDB-2010-000037", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000037.html" - }, - { - "name" : "41742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html", + "refsource": "CONFIRM", + "url": "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html" + }, + { + "name": "JVNDB-2010-000037", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000037.html" + }, + { + "name": "JVN#82752978", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN82752978/index.html" + }, + { + "name": "41742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41742" + }, + { + "name": "http://www.ipa.go.jp/about/press/20101012.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/about/press/20101012.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2961.json b/2010/2xxx/CVE-2010-2961.json index bc540a0c340..b2e2a54f7f4 100644 --- a/2010/2xxx/CVE-2010-2961.json +++ b/2010/2xxx/CVE-2010-2961.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-2961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/591807", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/591807" - }, - { - "name" : "USN-985-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-985-1" - }, - { - "name" : "67914", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67914" - }, - { - "name" : "41351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41351" - }, - { - "name" : "ADV-2010-2342", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2342", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2342" + }, + { + "name": "67914", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67914" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/591807", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/591807" + }, + { + "name": "USN-985-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-985-1" + }, + { + "name": "41351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41351" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2969.json b/2010/2xxx/CVE-2010-2969.json index 52df585de88..aac5bf5999a 100644 --- a/2010/2xxx/CVE-2010-2969.json +++ b/2010/2xxx/CVE-2010-2969.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100701 CVE request: moin multiple XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127799369406968&w=2" - }, - { - "name" : "[oss-security] 20100702 Re: CVE request: moin multiple XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127809682420259&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" - }, - { - "name" : "http://hg.moinmo.in/moin/1.7/rev/37306fba2189", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" - }, - { - "name" : "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" - }, - { - "name" : "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" - }, - { - "name" : "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" - }, - { - "name" : "http://moinmo.in/MoinMoinRelease1.9", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/MoinMoinRelease1.9" - }, - { - "name" : "http://moinmo.in/SecurityFixes", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/SecurityFixes" - }, - { - "name" : "DSA-2083", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2083" - }, - { - "name" : "40549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40549" - }, - { - "name" : "40836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40836" - }, - { - "name" : "ADV-2010-1981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1981" + }, + { + "name": "http://moinmo.in/MoinMoinRelease1.9", + "refsource": "CONFIRM", + "url": "http://moinmo.in/MoinMoinRelease1.9" + }, + { + "name": "http://moinmo.in/SecurityFixes", + "refsource": "CONFIRM", + "url": "http://moinmo.in/SecurityFixes" + }, + { + "name": "40549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40549" + }, + { + "name": "DSA-2083", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2083" + }, + { + "name": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" + }, + { + "name": "[oss-security] 20100701 CVE request: moin multiple XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127799369406968&w=2" + }, + { + "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127809682420259&w=2" + }, + { + "name": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" + }, + { + "name": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" + }, + { + "name": "40836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40836" + }, + { + "name": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg", + "refsource": "CONFIRM", + "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3374.json b/2010/3xxx/CVE-2010-3374.json index f32f887cb04..d9222877323 100644 --- a/2010/3xxx/CVE-2010-3374.json +++ b/2010/3xxx/CVE-2010-3374.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms", - "refsource" : "CONFIRM", - "url" : "http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms" - }, - { - "name" : "http://www.qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4", - "refsource" : "CONFIRM", - "url" : "http://www.qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4" - }, - { - "name" : "MDVSA-2010:193", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:193" - }, - { - "name" : "43672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43672" - }, - { - "name" : "ADV-2010-2559", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2559" - }, - { - "name" : "ADV-2010-2560", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2559", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2559" + }, + { + "name": "http://www.qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4", + "refsource": "CONFIRM", + "url": "http://www.qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4" + }, + { + "name": "MDVSA-2010:193", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:193" + }, + { + "name": "43672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43672" + }, + { + "name": "ADV-2010-2560", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2560" + }, + { + "name": "http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms", + "refsource": "CONFIRM", + "url": "http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3446.json b/2010/3xxx/CVE-2010-3446.json index eaae2ab0342..6facc9bc340 100644 --- a/2010/3xxx/CVE-2010-3446.json +++ b/2010/3xxx/CVE-2010-3446.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3446", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3446", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0173.json b/2011/0xxx/CVE-2011-0173.json index 8d4b61c90ea..daeb3712c9b 100644 --- a/2011/0xxx/CVE-2011-0173.json +++ b/2011/0xxx/CVE-2011-0173.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0280.json b/2011/0xxx/CVE-2011-0280.json index 2b3f850481c..68c6bf5cf8d 100644 --- a/2011/0xxx/CVE-2011-0280.json +++ b/2011/0xxx/CVE-2011-0280.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02629", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html" - }, - { - "name" : "SSRT100381", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html" - }, - { - "name" : "46830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46830" - }, - { - "name" : "43058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43058" - }, - { - "name" : "powermanager-unspecified-xss(66035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "powermanager-unspecified-xss(66035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66035" + }, + { + "name": "46830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46830" + }, + { + "name": "43058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43058" + }, + { + "name": "HPSBMA02629", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html" + }, + { + "name": "SSRT100381", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0584.json b/2011/0xxx/CVE-2011-0584.json index 996fd5fd35a..4435e4ac560 100644 --- a/2011/0xxx/CVE-2011-0584.json +++ b/2011/0xxx/CVE-2011-0584.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-04.html" - }, - { - "name" : "46278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46278" - }, - { - "name" : "1025036", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025036" - }, - { - "name" : "43264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43264" - }, - { - "name" : "ADV-2011-0334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0334" - }, - { - "name" : "adobe-coldfusion-session-hijacking(65280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-coldfusion-session-hijacking(65280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65280" + }, + { + "name": "ADV-2011-0334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0334" + }, + { + "name": "1025036", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025036" + }, + { + "name": "43264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43264" + }, + { + "name": "46278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46278" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0705.json b/2011/0xxx/CVE-2011-0705.json index 5b54ec74fa3..bd0679c6cae 100644 --- a/2011/0xxx/CVE-2011-0705.json +++ b/2011/0xxx/CVE-2011-0705.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0705", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0705", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1122.json b/2011/1xxx/CVE-2011-1122.json index 0dcf360a658..2f5131ad15f 100644 --- a/2011/1xxx/CVE-2011-1122.json +++ b/2011/1xxx/CVE-2011-1122.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=71960", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=71960" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" - }, - { - "name" : "46614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46614" - }, - { - "name" : "oval:org.mitre.oval:def:14559", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14559" - }, - { - "name" : "google-chrome-webgl-dos(65740)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=71960", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=71960" + }, + { + "name": "google-chrome-webgl-dos(65740)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65740" + }, + { + "name": "46614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46614" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" + }, + { + "name": "oval:org.mitre.oval:def:14559", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14559" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1262.json b/2011/1xxx/CVE-2011-1262.json index afff3d10397..4cd1396c505 100644 --- a/2011/1xxx/CVE-2011-1262.json +++ b/2011/1xxx/CVE-2011-1262.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"HTTP Redirect Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" - }, - { - "name" : "oval:org.mitre.oval:def:12405", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"HTTP Redirect Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12405", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12405" + }, + { + "name": "MS11-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1553.json b/2011/1xxx/CVE-2011-1553.json index cf60f093fdf..d84ea86743b 100644 --- a/2011/1xxx/CVE-2011-1553.json +++ b/2011/1xxx/CVE-2011-1553.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517205/100/0/threaded" - }, - { - "name" : "http://www.toucan-system.com/advisories/tssa-2011-01.txt", - "refsource" : "MISC", - "url" : "http://www.toucan-system.com/advisories/tssa-2011-01.txt" - }, - { - "name" : "http://www.foolabs.com/xpdf/download.html", - "refsource" : "CONFIRM", - "url" : "http://www.foolabs.com/xpdf/download.html" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X" - }, - { - "name" : "GLSA-201701-57", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-57" - }, - { - "name" : "MDVSA-2012:144", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" - }, - { - "name" : "RHSA-2012:1201", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1201.html" - }, - { - "name" : "VU#376500", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/376500" - }, - { - "name" : "1025266", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025266" - }, - { - "name" : "43823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43823" - }, - { - "name" : "48985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48985" - }, - { - "name" : "8171", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8171" - }, - { - "name" : "ADV-2011-0728", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43823" + }, + { + "name": "48985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48985" + }, + { + "name": "8171", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8171" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X" + }, + { + "name": "ADV-2011-0728", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0728" + }, + { + "name": "RHSA-2012:1201", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html" + }, + { + "name": "http://www.foolabs.com/xpdf/download.html", + "refsource": "CONFIRM", + "url": "http://www.foolabs.com/xpdf/download.html" + }, + { + "name": "http://www.toucan-system.com/advisories/tssa-2011-01.txt", + "refsource": "MISC", + "url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt" + }, + { + "name": "VU#376500", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/376500" + }, + { + "name": "MDVSA-2012:144", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" + }, + { + "name": "GLSA-201701-57", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-57" + }, + { + "name": "1025266", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025266" + }, + { + "name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1957.json b/2011/1xxx/CVE-2011-1957.json index f04fb8a3d14..ff77db5cefa 100644 --- a/2011/1xxx/CVE-2011-1957.json +++ b/2011/1xxx/CVE-2011-1957.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/31/20" - }, - { - "name" : "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/06/01/1" - }, - { - "name" : "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/06/01/11" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=36958", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=36958" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-07.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-08.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5876", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5876" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=710021", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=710021" - }, - { - "name" : "DSA-2274", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2274" - }, - { - "name" : "FEDORA-2011-7821", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html" - }, - { - "name" : "FEDORA-2011-7846", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html" - }, - { - "name" : "FEDORA-2011-7858", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html" - }, - { - "name" : "48066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48066" - }, - { - "name" : "oval:org.mitre.oval:def:14325", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14325" - }, - { - "name" : "44449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44449" - }, - { - "name" : "45149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45149" - }, - { - "name" : "44958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44958" - }, - { - "name" : "48947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48947" - }, - { - "name" : "wireshark-dicom-dos(67790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44958" + }, + { + "name": "FEDORA-2011-7846", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-07.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-07.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=36958", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=36958" + }, + { + "name": "48947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48947" + }, + { + "name": "48066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48066" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-08.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-08.html" + }, + { + "name": "DSA-2274", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2274" + }, + { + "name": "44449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44449" + }, + { + "name": "oval:org.mitre.oval:def:14325", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14325" + }, + { + "name": "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/01/11" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5876", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5876" + }, + { + "name": "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/01/1" + }, + { + "name": "FEDORA-2011-7821", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html" + }, + { + "name": "wireshark-dicom-dos(67790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67790" + }, + { + "name": "[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/31/20" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=710021", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=710021" + }, + { + "name": "FEDORA-2011-7858", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html" + }, + { + "name": "45149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45149" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5288.json b/2011/5xxx/CVE-2011-5288.json index 91eea2bfc9f..6ea8e022cae 100644 --- a/2011/5xxx/CVE-2011-5288.json +++ b/2011/5xxx/CVE-2011-5288.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmdSave method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23020", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmdSave method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23020", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23020" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5371.json b/2011/5xxx/CVE-2011-5371.json index def42c4e577..eec33186fc7 100644 --- a/2011/5xxx/CVE-2011-5371.json +++ b/2011/5xxx/CVE-2011-5371.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5371", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5371. Reason: This candidate is a duplicate of CVE-2012-5371. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5371 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-5371", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5371. Reason: This candidate is a duplicate of CVE-2012-5371. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5371 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3179.json b/2014/3xxx/CVE-2014-3179.json index f6dda177614..8695b5b53fb 100644 --- a/2014/3xxx/CVE-2014-3179.json +++ b/2014/3xxx/CVE-2014-3179.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=396447", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=396447" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=402255", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=402255" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=403596", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=403596" - }, - { - "name" : "https://crbug.com/411014", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/411014" - }, - { - "name" : "DSA-3039", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3039" - }, - { - "name" : "GLSA-201409-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-06.xml" - }, - { - "name" : "69710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69710" - }, - { - "name" : "61446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61446" - }, - { - "name" : "google-chrome-cve20143179-unspec(95816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=402255", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=402255" + }, + { + "name": "GLSA-201409-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-06.xml" + }, + { + "name": "https://crbug.com/411014", + "refsource": "CONFIRM", + "url": "https://crbug.com/411014" + }, + { + "name": "69710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69710" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=396447", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=396447" + }, + { + "name": "google-chrome-cve20143179-unspec(95816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95816" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=403596", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=403596" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html" + }, + { + "name": "61446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61446" + }, + { + "name": "DSA-3039", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3039" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3622.json b/2014/3xxx/CVE-2014-3622.json index 59cd8fdf1a0..89081e7cac9 100644 --- a/2014/3xxx/CVE-2014-3622.json +++ b/2014/3xxx/CVE-2014-3622.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3622", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3622", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3699.json b/2014/3xxx/CVE-2014-3699.json index ad6e50e5c6d..257a2ee02e5 100644 --- a/2014/3xxx/CVE-2014-3699.json +++ b/2014/3xxx/CVE-2014-3699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3699", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3699", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3974.json b/2014/3xxx/CVE-2014-3974.json index b66f58f1af3..f0db728181c 100644 --- a/2014/3xxx/CVE-2014-3974.json +++ b/2014/3xxx/CVE-2014-3974.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33555", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33555" - }, - { - "name" : "http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html", - "refsource" : "MISC", - "url" : "http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html" - }, - { - "name" : "http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html" - }, - { - "name" : "107554", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/107554" - }, - { - "name" : "58850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33555", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33555" + }, + { + "name": "http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html" + }, + { + "name": "58850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58850" + }, + { + "name": "http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html", + "refsource": "MISC", + "url": "http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html" + }, + { + "name": "107554", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/107554" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6026.json b/2014/6xxx/CVE-2014-6026.json index 9d4facb8076..738cc1e421f 100644 --- a/2014/6xxx/CVE-2014-6026.json +++ b/2014/6xxx/CVE-2014-6026.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6026", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6026", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6243.json b/2014/6xxx/CVE-2014-6243.json index 055953fb263..ba1b78ea03a 100644 --- a/2014/6xxx/CVE-2014-6243.json +++ b/2014/6xxx/CVE-2014-6243.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141008 Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533641/100/0/threaded" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23234", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23234" - }, - { - "name" : "http://packetstormsecurity.com/files/128621/WordPress-EWWW-Image-Optimizer-2.0.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128621/WordPress-EWWW-Image-Optimizer-2.0.1-Cross-Site-Scripting.html" - }, - { - "name" : "https://wordpress.org/plugins/ewww-image-optimizer/changelog", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/ewww-image-optimizer/changelog" - }, - { - "name" : "70190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70190" + }, + { + "name": "20141008 Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533641/100/0/threaded" + }, + { + "name": "https://wordpress.org/plugins/ewww-image-optimizer/changelog", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/ewww-image-optimizer/changelog" + }, + { + "name": "http://packetstormsecurity.com/files/128621/WordPress-EWWW-Image-Optimizer-2.0.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128621/WordPress-EWWW-Image-Optimizer-2.0.1-Cross-Site-Scripting.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23234", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23234" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6485.json b/2014/6xxx/CVE-2014-6485.json index 3527eaeb5b5..a6d522dde95 100644 --- a/2014/6xxx/CVE-2014-6485.json +++ b/2014/6xxx/CVE-2014-6485.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "70519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70519" - }, - { - "name" : "61632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61632" - }, - { - "name" : "61609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61609" + }, + { + "name": "70519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70519" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "61632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61632" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7323.json b/2014/7xxx/CVE-2014-7323.json index a5b7083689c..19661adf236 100644 --- a/2014/7xxx/CVE-2014-7323.json +++ b/2014/7xxx/CVE-2014-7323.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#942769", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/942769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#942769", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/942769" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7479.json b/2014/7xxx/CVE-2014-7479.json index 71ec63c45ff..4b2f3683da1 100644 --- a/2014/7xxx/CVE-2014-7479.json +++ b/2014/7xxx/CVE-2014-7479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7479", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7479", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7535.json b/2014/7xxx/CVE-2014-7535.json index a02ee017d17..ade968eecfd 100644 --- a/2014/7xxx/CVE-2014-7535.json +++ b/2014/7xxx/CVE-2014-7535.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Classic Racer (aka com.triactivemedia.classicracer) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#945849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/945849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Classic Racer (aka com.triactivemedia.classicracer) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#945849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/945849" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7744.json b/2014/7xxx/CVE-2014-7744.json index 5db738e2dcb..15d7c39745f 100644 --- a/2014/7xxx/CVE-2014-7744.json +++ b/2014/7xxx/CVE-2014-7744.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#789913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/789913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#789913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/789913" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8032.json b/2014/8xxx/CVE-2014-8032.json index 68a40f9e8ba..0d0ef389ac2 100644 --- a/2014/8xxx/CVE-2014-8032.json +++ b/2014/8xxx/CVE-2014-8032.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150108 Cisco WebEx Meetings Server Password Encryption Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8032" - }, - { - "name" : "71947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71947" - }, - { - "name" : "1031517", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031517" - }, - { - "name" : "cisco-webex-cve20148032-info-disc(100564)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031517", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031517" + }, + { + "name": "20150108 Cisco WebEx Meetings Server Password Encryption Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8032" + }, + { + "name": "cisco-webex-cve20148032-info-disc(100564)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100564" + }, + { + "name": "71947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71947" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8649.json b/2014/8xxx/CVE-2014-8649.json index f1cbce27434..87660cf2f17 100644 --- a/2014/8xxx/CVE-2014-8649.json +++ b/2014/8xxx/CVE-2014-8649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8649", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8649", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8880.json b/2014/8xxx/CVE-2014-8880.json index 0b06dfd480c..0f80ad04e6e 100644 --- a/2014/8xxx/CVE-2014-8880.json +++ b/2014/8xxx/CVE-2014-8880.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2149.json b/2016/2xxx/CVE-2016-2149.json index a69061204f9..492a59cbe58 100644 --- a/2016/2xxx/CVE-2016-2149.json +++ b/2016/2xxx/CVE-2016-2149.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2016:1064", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1064", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1064" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2170.json b/2016/2xxx/CVE-2016-2170.json index ee11c5644eb..451ee624ae8 100644 --- a/2016/2xxx/CVE-2016-2170.json +++ b/2016/2xxx/CVE-2016-2170.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160408 CVE-2016-2170: Apache OFBiz information disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538034/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/136639/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136639/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html" - }, - { - "name" : "http://ofbiz.apache.org/download.html#vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://ofbiz.apache.org/download.html#vulnerabilities" - }, - { - "name" : "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04", - "refsource" : "CONFIRM", - "url" : "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04" - }, - { - "name" : "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07", - "refsource" : "CONFIRM", - "url" : "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07" - }, - { - "name" : "https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability" - }, - { - "name" : "https://issues.apache.org/jira/browse/OFBIZ-6726", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/OFBIZ-6726" - }, - { - "name" : "1035513", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ofbiz.apache.org/download.html#vulnerabilities", + "refsource": "CONFIRM", + "url": "http://ofbiz.apache.org/download.html#vulnerabilities" + }, + { + "name": "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04", + "refsource": "CONFIRM", + "url": "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04" + }, + { + "name": "1035513", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035513" + }, + { + "name": "https://issues.apache.org/jira/browse/OFBIZ-6726", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/OFBIZ-6726" + }, + { + "name": "https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability" + }, + { + "name": "20160408 CVE-2016-2170: Apache OFBiz information disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538034/100/0/threaded" + }, + { + "name": "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07", + "refsource": "CONFIRM", + "url": "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07" + }, + { + "name": "http://packetstormsecurity.com/files/136639/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136639/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2232.json b/2016/2xxx/CVE-2016-2232.json index 39b3b1be9ca..c8b2e10622e 100644 --- a/2016/2xxx/CVE-2016-2232.json +++ b/2016/2xxx/CVE-2016-2232.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2016-003.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2016-003.html" - }, - { - "name" : "DSA-3700", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3700" - }, - { - "name" : "1034931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.asterisk.org/pub/security/AST-2016-003.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html" + }, + { + "name": "1034931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034931" + }, + { + "name": "DSA-3700", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3700" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2291.json b/2016/2xxx/CVE-2016-2291.json index a575b3dd6eb..668d6fc7495 100644 --- a/2016/2xxx/CVE-2016-2291.json +++ b/2016/2xxx/CVE-2016-2291.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2752.json b/2016/2xxx/CVE-2016-2752.json index cfd3704ad01..f8da5f7f374 100644 --- a/2016/2xxx/CVE-2016-2752.json +++ b/2016/2xxx/CVE-2016-2752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2752", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2752", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1001xxx/CVE-2017-1001004.json b/2017/1001xxx/CVE-2017-1001004.json index 3718538d1f1..630eb50031b 100644 --- a/2017/1001xxx/CVE-2017-1001004.json +++ b/2017/1001xxx/CVE-2017-1001004.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1001004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "typed-function", - "version" : { - "version_data" : [ - { - "version_value" : "0.10.6" - } - ] - } - } - ] - }, - "vendor_name" : "typed-function" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-94: Improper Control of Generation of Code ('Code Injection')" - } + "CVE_data_meta": { + "ASSIGNER": "josh@bress.net", + "ID": "CVE-2017-1001004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "typed-function", + "version": { + "version_data": [ + { + "version_value": "0.10.6" + } + ] + } + } + ] + }, + "vendor_name": "typed-function" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106", - "refsource" : "CONFIRM", - "url" : "https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106" - }, - { - "name" : "https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe", - "refsource" : "CONFIRM", - "url" : "https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe", + "refsource": "CONFIRM", + "url": "https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe" + }, + { + "name": "https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106", + "refsource": "CONFIRM", + "url": "https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18135.json b/2017/18xxx/CVE-2017-18135.json index e467e0f4eb4..8d4ca003c89 100644 --- a/2017/18xxx/CVE-2017-18135.json +++ b/2017/18xxx/CVE-2017-18135.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, in the Wireless Data Service (WDS) module, a buffer overflow can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, in the Wireless Data Service (WDS) module, a buffer overflow can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18208.json b/2017/18xxx/CVE-2017-18208.json index b2d4993bdc1..ca82ea0d286 100644 --- a/2017/18xxx/CVE-2017-18208.json +++ b/2017/18xxx/CVE-2017-18208.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91" - }, - { - "name" : "https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4", - "refsource" : "MISC", - "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "USN-3619-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-1/" - }, - { - "name" : "USN-3619-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-2/" - }, - { - "name" : "USN-3653-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3653-1/" - }, - { - "name" : "USN-3653-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3653-2/" - }, - { - "name" : "USN-3655-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3655-2/" - }, - { - "name" : "USN-3657-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3657-1/" - }, - { - "name" : "USN-3655-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3655-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91" + }, + { + "name": "USN-3619-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-2/" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4", + "refsource": "MISC", + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "USN-3653-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3653-2/" + }, + { + "name": "USN-3655-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3655-1/" + }, + { + "name": "USN-3655-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3655-2/" + }, + { + "name": "USN-3653-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3653-1/" + }, + { + "name": "USN-3657-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3657-1/" + }, + { + "name": "RHSA-2018:3096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + }, + { + "name": "https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91" + }, + { + "name": "USN-3619-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1015.json b/2017/1xxx/CVE-2017-1015.json index 0b927524058..8ecda5a33f1 100644 --- a/2017/1xxx/CVE-2017-1015.json +++ b/2017/1xxx/CVE-2017-1015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1015", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1327.json b/2017/1xxx/CVE-2017-1327.json index 2a79867af89..8263df6ffb6 100644 --- a/2017/1xxx/CVE-2017-1327.json +++ b/2017/1xxx/CVE-2017-1327.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-06-01T00:00:00", - "ID" : "CVE-2017-1327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iNotes", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "8.5.3" - }, - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.1" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "8.5.3.6" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "8.5.1.5" - }, - { - "version_value" : "8.5.2.4" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "8.5.3.1" - }, - { - "version_value" : "9.0.1.1" - }, - { - "version_value" : "8.5.1.1" - }, - { - "version_value" : "9.0.1.8" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-06-01T00:00:00", + "ID": "CVE-2017-1327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iNotes", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "8.5.3" + }, + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.1" + }, + { + "version_value": "8.5" + }, + { + "version_value": "8.5.3.6" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "8.5.1.5" + }, + { + "version_value": "8.5.2.4" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "8.5.3.1" + }, + { + "version_value": "9.0.1.1" + }, + { + "version_value": "8.5.1.1" + }, + { + "version_value": "9.0.1.8" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22003664", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22003664" - }, - { - "name" : "100139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22003664", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22003664" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062" + }, + { + "name": "100139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100139" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1709.json b/2017/1xxx/CVE-2017-1709.json index 0976dc4fe33..9b4277377e0 100644 --- a/2017/1xxx/CVE-2017-1709.json +++ b/2017/1xxx/CVE-2017-1709.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1709", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1709", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1788.json b/2017/1xxx/CVE-2017-1788.json index aea77699369..1b604d439f5 100644 --- a/2017/1xxx/CVE-2017-1788.json +++ b/2017/1xxx/CVE-2017-1788.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2017-1788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.300", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2017-1788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137031", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137031" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012341", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012341" - }, - { - "name" : "103497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.300", + "UI": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137031", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137031" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012341", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012341" + }, + { + "name": "103497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103497" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1888.json b/2017/1xxx/CVE-2017-1888.json index 8564928f966..27217cf45ab 100644 --- a/2017/1xxx/CVE-2017-1888.json +++ b/2017/1xxx/CVE-2017-1888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1888", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1888", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5093.json b/2017/5xxx/CVE-2017-5093.json index 6cfc6c2d5de..bb28efed67d 100644 --- a/2017/5xxx/CVE-2017-5093.json +++ b/2017/5xxx/CVE-2017-5093.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/550017", - "refsource" : "MISC", - "url" : "https://crbug.com/550017" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:1833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1833" - }, - { - "name" : "99950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/550017", + "refsource": "MISC", + "url": "https://crbug.com/550017" + }, + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" + }, + { + "name": "99950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99950" + }, + { + "name": "RHSA-2017:1833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1833" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5213.json b/2017/5xxx/CVE-2017-5213.json index 7608c05041f..7d07c242e5a 100644 --- a/2017/5xxx/CVE-2017-5213.json +++ b/2017/5xxx/CVE-2017-5213.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5213", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5213", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5804.json b/2017/5xxx/CVE-2017-5804.json index e8cd2641df9..53840ea632b 100644 --- a/2017/5xxx/CVE-2017-5804.json +++ b/2017/5xxx/CVE-2017-5804.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-04-18T00:00:00", - "ID" : "CVE-2017-5804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "v7.2" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-04-18T00:00:00", + "ID": "CVE-2017-5804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "v7.2" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us" - }, - { - "name" : "98088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98088" - }, - { - "name" : "1038377", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038377", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038377" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us" + }, + { + "name": "98088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98088" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5930.json b/2017/5xxx/CVE-2017-5930.json index e77249268bd..ac30391e5a5 100644 --- a/2017/5xxx/CVE-2017-5930.json +++ b/2017/5xxx/CVE-2017-5930.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-5930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170207 Re: CVE request: PostfixAdmin allows to delete protected aliases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/08/1" - }, - { - "name" : "[oss-security] 20170209 Re: CVE request: PostfixAdmin allows to delete protected aliases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/09/1" - }, - { - "name" : "[postfixadmin-devel] 20170204 Security hole in AliasHandler", - "refsource" : "MLIST", - "url" : "https://sourceforge.net/p/postfixadmin/mailman/message/35646827/" - }, - { - "name" : "https://github.com/postfixadmin/postfixadmin/blob/postfixadmin-3.0.2/CHANGELOG.TXT", - "refsource" : "CONFIRM", - "url" : "https://github.com/postfixadmin/postfixadmin/blob/postfixadmin-3.0.2/CHANGELOG.TXT" - }, - { - "name" : "https://github.com/postfixadmin/postfixadmin/pull/23", - "refsource" : "CONFIRM", - "url" : "https://github.com/postfixadmin/postfixadmin/pull/23" - }, - { - "name" : "openSUSE-SU-2017:0488", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-02/msg00076.html" - }, - { - "name" : "96142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[postfixadmin-devel] 20170204 Security hole in AliasHandler", + "refsource": "MLIST", + "url": "https://sourceforge.net/p/postfixadmin/mailman/message/35646827/" + }, + { + "name": "https://github.com/postfixadmin/postfixadmin/blob/postfixadmin-3.0.2/CHANGELOG.TXT", + "refsource": "CONFIRM", + "url": "https://github.com/postfixadmin/postfixadmin/blob/postfixadmin-3.0.2/CHANGELOG.TXT" + }, + { + "name": "96142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96142" + }, + { + "name": "openSUSE-SU-2017:0488", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00076.html" + }, + { + "name": "[oss-security] 20170207 Re: CVE request: PostfixAdmin allows to delete protected aliases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/08/1" + }, + { + "name": "https://github.com/postfixadmin/postfixadmin/pull/23", + "refsource": "CONFIRM", + "url": "https://github.com/postfixadmin/postfixadmin/pull/23" + }, + { + "name": "[oss-security] 20170209 Re: CVE request: PostfixAdmin allows to delete protected aliases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/09/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5939.json b/2017/5xxx/CVE-2017-5939.json index 45b4756e18d..bf6b79f870a 100644 --- a/2017/5xxx/CVE-2017-5939.json +++ b/2017/5xxx/CVE-2017-5939.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5939", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5939", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file