From dc830214b884726c7df428524d62c823b7fd316b Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:50:46 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2006/0xxx/CVE-2006-0848.json | 240 ++++++++++++------------
 2006/0xxx/CVE-2006-0875.json | 190 +++++++++----------
 2006/3xxx/CVE-2006-3196.json | 140 +++++++-------
 2006/3xxx/CVE-2006-3346.json | 170 ++++++++---------
 2006/3xxx/CVE-2006-3502.json | 190 +++++++++----------
 2006/3xxx/CVE-2006-3678.json | 190 +++++++++----------
 2006/4xxx/CVE-2006-4358.json | 180 +++++++++---------
 2006/4xxx/CVE-2006-4385.json | 240 ++++++++++++------------
 2006/4xxx/CVE-2006-4471.json | 160 ++++++++--------
 2006/4xxx/CVE-2006-4515.json | 34 ++--
 2006/4xxx/CVE-2006-4788.json | 160 ++++++++--------
 2006/6xxx/CVE-2006-6064.json | 160 ++++++++--------
 2006/6xxx/CVE-2006-6550.json | 130 ++++++-------
 2006/7xxx/CVE-2006-7017.json | 160 ++++++++--------
 2006/7xxx/CVE-2006-7025.json | 170 ++++++++---------
 2010/2xxx/CVE-2010-2382.json | 120 ++++++------
 2010/2xxx/CVE-2010-2489.json | 210 ++++++++++-----------
 2010/2xxx/CVE-2010-2659.json | 170 ++++++++---------
 2010/3xxx/CVE-2010-3535.json | 140 +++++++-------
 2010/3xxx/CVE-2010-3591.json | 200 ++++++++++----------
 2010/3xxx/CVE-2010-3739.json | 130 ++++++-------
 2011/0xxx/CVE-2011-0405.json | 190 +++++++++----------
 2011/0xxx/CVE-2011-0482.json | 210 ++++++++++-----------
 2011/0xxx/CVE-2011-0906.json | 34 ++--
 2011/0xxx/CVE-2011-0970.json | 34 ++--
 2011/1xxx/CVE-2011-1112.json | 160 ++++++++--------
 2011/1xxx/CVE-2011-1783.json | 300 +++++++++++++++---------------
 2011/1xxx/CVE-2011-1879.json | 190 +++++++++----------
 2011/5xxx/CVE-2011-5008.json | 170 ++++++++---------
 2014/3xxx/CVE-2014-3432.json | 160 ++++++++--------
 2014/3xxx/CVE-2014-3630.json | 150 +++++++--------
 2014/3xxx/CVE-2014-3924.json | 190 +++++++++----------
 2014/6xxx/CVE-2014-6117.json | 34 ++--
 2014/6xxx/CVE-2014-6544.json | 130 ++++++-------
 2014/6xxx/CVE-2014-6760.json | 140 +++++++-------
 2014/6xxx/CVE-2014-6862.json | 140 +++++++-------
 2014/6xxx/CVE-2014-6885.json | 140 +++++++-------
 2014/7xxx/CVE-2014-7662.json | 34 ++--
 2014/7xxx/CVE-2014-7975.json | 310 +++++++++++++++----------------
 2014/8xxx/CVE-2014-8106.json | 290 ++++++++++++++---------------
 2016/2xxx/CVE-2016-2141.json | 330 ++++++++++++++++-----------------
 2016/2xxx/CVE-2016-2431.json | 120 ++++++------
 2016/2xxx/CVE-2016-2564.json | 130 ++++++-------
 2016/2xxx/CVE-2016-2930.json | 130 ++++++-------
 2016/2xxx/CVE-2016-2976.json | 166 ++++++++---------
 2016/6xxx/CVE-2016-6096.json | 154 +++++++--------
 2017/18xxx/CVE-2017-18087.json | 150 +++++++--------
 2017/18xxx/CVE-2017-18210.json | 130 ++++++-------
 2017/1xxx/CVE-2017-1255.json | 162 ++++++++--------
 2017/1xxx/CVE-2017-1443.json | 142 +++++++-------
 2017/1xxx/CVE-2017-1643.json | 34 ++--
 2017/5xxx/CVE-2017-5261.json | 120 ++++++------
 2017/5xxx/CVE-2017-5278.json | 34 ++--
 2017/5xxx/CVE-2017-5641.json | 172 ++++++++---------
 54 files changed, 4232 insertions(+), 4232 deletions(-)

diff --git a/2006/0xxx/CVE-2006-0848.json b/2006/0xxx/CVE-2006-0848.json
index 76c52428d6b..b2f9fb4b7d0 100644
--- a/2006/0xxx/CVE-2006-0848.json
+++ b/2006/0xxx/CVE-2006-0848.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Open 'safe' files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html", - "refsource" : "MISC", - "url" : "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html" - }, - { - "name" : "http://www.heise.de/english/newsticker/news/69862", - "refsource" : "MISC", - "url" : "http://www.heise.de/english/newsticker/news/69862" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=303382", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=303382" - }, - { - "name" : 
"TA06-053A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-053A.html" - }, - { - "name" : "TA06-062A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" - }, - { - "name" : "VU#999708", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/999708" - }, - { - "name" : "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php", - "refsource" : "MISC", - "url" : "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php" - }, - { - "name" : "16736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16736" - }, - { - "name" : "ADV-2006-0671", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0671" - }, - { - "name" : "23510", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23510" - }, - { - "name" : "1015652", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015652" - }, - { - "name" : "18963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18963" - }, - { - "name" : "macosx-zip-command-execution(24808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Open 'safe' files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18963" + }, + { + "name": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html", + "refsource": "MISC", + "url": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html" + }, + { + "name": "VU#999708", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/999708" + }, + { + "name": "16736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16736" + }, + { + "name": "1015652", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015652" + }, + { + "name": "TA06-053A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-053A.html" + }, + { + "name": "ADV-2006-0671", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0671" + }, + { + "name": "TA06-062A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" + }, + { + "name": "http://www.heise.de/english/newsticker/news/69862", + "refsource": "MISC", + "url": "http://www.heise.de/english/newsticker/news/69862" + }, + { + "name": "23510", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23510" + }, + { + "name": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php", + "refsource": "MISC", + "url": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303382", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=303382" + }, + { + "name": "macosx-zip-command-execution(24808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24808" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/0xxx/CVE-2006-0875.json b/2006/0xxx/CVE-2006-0875.json
index f9d6c63829a..9759066128c 100644
--- a/2006/0xxx/CVE-2006-0875.json
+++ b/2006/0xxx/CVE-2006-0875.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060222 [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425775/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-267.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-267.html" - }, - { - "name" : "16769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16769" - }, - { - "name" : "ADV-2006-0694", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0694" - }, - { - "name" : "23388", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23388" - }, - { - "name" : "1015663", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015663" - }, - { - "name" : "18997", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/18997" - }, - { - "name" : "runcms-ratefile-xss(24871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015663", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015663" + }, + { + "name": "16769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16769" + }, + { + "name": "http://kapda.ir/advisory-267.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-267.html" + }, + { + "name": "18997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18997" + }, + { + "name": "20060222 [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425775/100/0/threaded" + }, + { + "name": "23388", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23388" + }, + { + "name": "runcms-ratefile-xss(24871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24871" + }, + { + "name": "ADV-2006-0694", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0694" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3196.json b/2006/3xxx/CVE-2006-3196.json index 9ec0caab1c0..fe9395994fb 100644 --- a/2006/3xxx/CVE-2006-3196.json +++ b/2006/3xxx/CVE-2006-3196.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060618 singapore gallery <= 0.10.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437716/100/0/threaded" - }, - { - "name" : "1135", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1135" - }, - { - "name" : "singapore-index-path-disclosure(27323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals 
the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "singapore-index-path-disclosure(27323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27323" + }, + { + "name": "1135", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1135" + }, + { + "name": "20060618 singapore gallery <= 0.10.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437716/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3346.json b/2006/3xxx/CVE-2006-3346.json index f9f066c6298..fac55d569b4 100644 --- a/2006/3xxx/CVE-2006-3346.json +++ b/2006/3xxx/CVE-2006-3346.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060630 MyNewsGroups<<--v. 
0.6 \"tree.php\" SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438814/100/0/threaded" - }, - { - "name" : "18757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18757" - }, - { - "name" : "ADV-2006-2629", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2629" - }, - { - "name" : "20915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20915" - }, - { - "name" : "1182", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1182" - }, - { - "name" : "mynewsgroups-tree-sql-injection(27492)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2629", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2629" + }, + { + "name": "1182", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1182" + }, + { + "name": "20060630 MyNewsGroups<<--v. 
0.6 \"tree.php\" SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438814/100/0/threaded" + }, + { + "name": "18757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18757" + }, + { + "name": "mynewsgroups-tree-sql-injection(27492)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27492" + }, + { + "name": "20915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20915" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3502.json b/2006/3xxx/CVE-2006-3502.json index b60d68ca21e..8a14622ae1c 100644 --- a/2006/3xxx/CVE-2006-3502.json +++ b/2006/3xxx/CVE-2006-3502.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-08-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" - }, - { - "name" : "TA06-214A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" - }, - { - "name" : "VU#651844", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/651844" - }, - { - "name" : "19289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19289" - }, - { - "name" : "ADV-2006-3101", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3101" - }, - { - "name" : "27741", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/27741" - }, - { - "name" : "21253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21253" - }, - { - "name" : "macosx-imageio-gif-code-execution(28144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-08-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" + }, + { + "name": "ADV-2006-3101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3101" + }, + { + "name": "21253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21253" + }, + { + "name": "19289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19289" + }, + { + "name": "TA06-214A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" + }, + { + "name": "macosx-imageio-gif-code-execution(28144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144" + }, + { + "name": "VU#651844", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/651844" + }, + { + "name": "27741", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27741" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3678.json b/2006/3xxx/CVE-2006-3678.json index d4c4a0c1804..db048440aa6 100644 
--- a/2006/3xxx/CVE-2006-3678.json
+++ b/2006/3xxx/CVE-2006-3678.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to \"force the device into layer 2 fallback (L2FB)\", causing a denial of service (page fault), via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060724 [CYBSEC] TippingPoint detection bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440944/100/0/threaded" - }, - { - "name" : "http://www.3com.com/securityalert/alerts/3COM-06-003.html", - "refsource" : "CONFIRM", - "url" : "http://www.3com.com/securityalert/alerts/3COM-06-003.html" - }, - { - "name" : "19125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19125" - }, - { - "name" : "ADV-2006-2956", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2956" - }, - { - "name" : "1016562", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016562" - }, - { - "name" : "21154", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21154" - }, - { - "name" : "1286", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1286" - }, - { - "name" : "tippingpoint-ips-pagefault-detection-bypass(27934)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to \"force the device into layer 2 fallback (L2FB)\", causing a denial of service (page fault), via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.3com.com/securityalert/alerts/3COM-06-003.html", + "refsource": "CONFIRM", + "url": "http://www.3com.com/securityalert/alerts/3COM-06-003.html" + }, + { + "name": "ADV-2006-2956", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2956" + }, + { + "name": "1286", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1286" + }, + { + "name": "19125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19125" + }, + { + "name": "1016562", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016562" + }, + { + "name": "20060724 [CYBSEC] TippingPoint detection bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440944/100/0/threaded" + }, + { + "name": "21154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21154" + }, + { + "name": "tippingpoint-ips-pagefault-detection-bypass(27934)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27934" + } + ] + } +} \ No newline 
at end of file diff --git a/2006/4xxx/CVE-2006-4358.json b/2006/4xxx/CVE-2006-4358.json index aeb2a07899a..96b7230d990 100644 --- a/2006/4xxx/CVE-2006-4358.json +++ b/2006/4xxx/CVE-2006-4358.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060821 DieselPay İndex.php Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-08/0416.html" - }, - { - "name" : "19623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19623" - }, - { - "name" : "ADV-2006-3344", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3344" - }, - { - "name" : "28074", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28074" - }, - { - "name" : "21588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21588" - }, - { - "name" : "1459", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1459" - }, - { - "name" : "dieselpay-index-xss(28496)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dieselpay-index-xss(28496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28496" + }, + { + "name": "19623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19623" + }, + { + "name": "20060821 DieselPay İndex.php Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0416.html" + }, + { + "name": "ADV-2006-3344", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3344" + }, + { + "name": "21588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21588" + }, + { + "name": "28074", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28074" + }, + { + "name": "1459", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1459" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4385.json b/2006/4xxx/CVE-2006-4385.json index 6b581be0a27..598c9b220cc 100644 --- a/2006/4xxx/CVE-2006-4385.json +++ b/2006/4xxx/CVE-2006-4385.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060913 Multiple Vulnerabilities in Apple QuickTime", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445888/100/0/threaded" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=304357", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304357" - }, - { - "name" : "APPLE-SA-2006-09-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html" - }, - { - "name" : "GLSA-200803-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-08.xml" - }, - { - "name" : "VU#308204", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/308204" - }, - { - "name" : "19976", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/19976" - }, - { - "name" : "ADV-2006-3577", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3577" - }, - { - "name" : "28768", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28768" - }, - { - "name" : "1016830", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016830" - }, - { - "name" : "21893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21893" - }, - { - "name" : "29182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29182" - }, - { - "name" : "1554", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1554" - }, - { - "name" : "quicktime-sgi-buffer-overflow(28932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060913 Multiple Vulnerabilities in Apple QuickTime", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded" + }, + { + "name": "28768", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28768" + }, + { + "name": "1016830", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016830" + }, + { + "name": "21893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21893" + }, + { + "name": "19976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19976" + }, + { + "name": "GLSA-200803-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml" + }, + { + "name": "quicktime-sgi-buffer-overflow(28932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28932" + }, + { + "name": "1554", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1554" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304357", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304357" + }, + { + "name": "APPLE-SA-2006-09-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html" + }, + { + "name": "ADV-2006-3577", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3577" + }, + { + "name": "VU#308204", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/308204" + }, + { + "name": "29182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29182" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4471.json b/2006/4xxx/CVE-2006-4471.json index ef25f73d52f..b7b37ced239 100644 --- a/2006/4xxx/CVE-2006-4471.json +++ b/2006/4xxx/CVE-2006-4471.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1841/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1841/78/" - }, - { - "name" : "http://www.joomla.org/content/view/1843/74/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1843/74/" - }, - { - "name" : "ADV-2006-3408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3408" - }, - { - "name" : "21666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21666" - }, - { - "name" : "joomla-administratorindex-error(28630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3408" + }, + { + "name": "http://www.joomla.org/content/view/1841/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1841/78/" + }, + { + "name": "21666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21666" + }, + { + "name": "http://www.joomla.org/content/view/1843/74/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1843/74/" + }, + { + "name": "joomla-administratorindex-error(28630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28630" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4515.json b/2006/4xxx/CVE-2006-4515.json index 3071ca9ebcd..eec72242afc 100644 --- a/2006/4xxx/CVE-2006-4515.json +++ b/2006/4xxx/CVE-2006-4515.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4515", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4515", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4788.json b/2006/4xxx/CVE-2006-4788.json index 4d6148d97bc..c113603e1d9 100644 --- a/2006/4xxx/CVE-2006-4788.json +++ b/2006/4xxx/CVE-2006-4788.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to \"yes\", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2354", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2354" - }, - { - "name" : "http://www.telekorn.com/forum/showthread.php?t=1427", - "refsource" : "CONFIRM", - "url" : "http://www.telekorn.com/forum/showthread.php?t=1427" - }, - { - "name" : "ADV-2006-3570", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3570" - }, - { - "name" : "21878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21878" - }, - { - "name" : "signkorn-log-file-include(28888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28888" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to \"yes\", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "signkorn-log-file-include(28888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28888" + }, + { + "name": "http://www.telekorn.com/forum/showthread.php?t=1427", + "refsource": "CONFIRM", + "url": "http://www.telekorn.com/forum/showthread.php?t=1427" + }, + { + "name": "ADV-2006-3570", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3570" + }, + { + "name": "21878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21878" + }, + { + "name": "2354", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2354" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6064.json b/2006/6xxx/CVE-2006-6064.json index 113eb0e647b..d17a1acfdac 100644 --- a/2006/6xxx/CVE-2006-6064.json +++ b/2006/6xxx/CVE-2006-6064.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=465373&group_id=1596", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=465373&group_id=1596" - }, - { - "name" : "21217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21217" - }, - { - "name" : "ADV-2006-4637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4637" - }, - { - "name" : "22977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22977" - }, - { - "name" : "fuzzball-muck-mpi-bo(30448)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=465373&group_id=1596", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=465373&group_id=1596" + }, + { + "name": "22977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22977" + }, + { + "name": "fuzzball-muck-mpi-bo(30448)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30448" + }, + { + "name": "ADV-2006-4637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4637" + }, + { + "name": "21217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21217" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6550.json b/2006/6xxx/CVE-2006-6550.json index d464a6fcfa9..449c4683894 100644 --- a/2006/6xxx/CVE-2006-6550.json +++ b/2006/6xxx/CVE-2006-6550.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2894", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2894" - }, - { - "name" : "phorum-dbfile-file-include(30741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. 
NOTE: CVE disputes this vulnerability because db_file is defined before use." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2894", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2894" + }, + { + "name": "phorum-dbfile-file-include(30741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30741" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7017.json b/2006/7xxx/CVE-2006-7017.json index c735d5452c6..801678f2602 100644 --- a/2006/7xxx/CVE-2006-7017.json +++ b/2006/7xxx/CVE-2006-7017.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) 
message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060616 Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html" - }, - { - "name" : "1016330", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1016330" - }, - { - "name" : "18752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18752" - }, - { - "name" : "2252", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2252" - }, - { - "name" : "indexu-admintemplatepath-file-include(27262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file 
inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) 
user_search.php, and (80) whos.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18752" + }, + { + "name": "indexu-admintemplatepath-file-include(27262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27262" + }, + { + "name": "20060616 Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html" + }, + { + "name": "2252", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2252" + }, + { + "name": "1016330", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1016330" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7025.json b/2006/7xxx/CVE-2006-7025.json index b4e586c1a04..3fa3f8fbf0d 100644 --- a/2006/7xxx/CVE-2006-7025.json +++ b/2006/7xxx/CVE-2006-7025.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060420 Sql Injection in BookMark4u", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=114555163911635&w=2" - }, - { - "name" : "20070222 Source verify and clarification of old bookmark4u SQL injection", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-February/001373.html" - }, - { - "name" : "ADV-2006-1456", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1456" - }, - { - "name" : "24795", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24795" - }, - { - "name" : "19758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19758" - }, - { - "name" : "bookmark4u-config-sql-injection(25956)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1456", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1456" + }, + { + "name": "24795", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24795" + }, + { + "name": "bookmark4u-config-sql-injection(25956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956" + }, + { + "name": "19758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19758" + }, + { + "name": "20070222 Source verify and clarification of old bookmark4u SQL injection", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-February/001373.html" + }, + { + "name": "20060420 Sql Injection in BookMark4u", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=114555163911635&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2382.json b/2010/2xxx/CVE-2010-2382.json index a66e3e146cb..1fc2bbe4263 100644 --- a/2010/2xxx/CVE-2010-2382.json +++ b/2010/2xxx/CVE-2010-2382.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2489.json b/2010/2xxx/CVE-2010-2489.json index e5b8fd32636..565f1876622 100644 --- a/2010/2xxx/CVE-2010-2489.json +++ b/2010/2xxx/CVE-2010-2489.json 
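Review bot: The commit subject does not mention that `ASSIGNER` is reassigned in this hunk, from `cve@mitre.org` to `secalert_us@oracle.com`; it is the only content change among lines that otherwise just re-indent the record. `ASSIGNER` is a provenance field, so consumers that attribute or filter records by it will see CVE-2010-2382 change owner with nothing in the history to explain why. The reassignment deserves its own commit, or at least a line in the message such as `Reassign CVE-2010-2382 ASSIGNER to secalert_us@oracle.com`. The CVE-2010-2489 hunk that follows makes the same kind of change (to `secalert@redhat.com`) and continues past the visible part of the page.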
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100702 CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/02/1" - }, - { - "name" : "[oss-security] 20100702 Re: CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/02/10" - }, - { - "name" : "[ruby-talk] 20100702 Re: [ANN][Security] Ruby 1.9.1-p429 is out", - "refsource" : "MLIST", - "url" : "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html" - }, - { - "name" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", - "refsource" : 
"CONFIRM", - "url" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog" - }, - { - "name" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/" - }, - { - "name" : "41321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41321" - }, - { - "name" : "66040", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66040" - }, - { - "name" : "40442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40442" - }, - { - "name" : "ruby-argfinplacemode-bo(60135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66040", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66040" + }, + { + "name": "[oss-security] 20100702 Re: CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/02/10" + }, + { + "name": "40442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40442" + }, + { + "name": "ruby-argfinplacemode-bo(60135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135" + }, + { + "name": "[oss-security] 20100702 CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/02/1" + }, + { + "name": "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", + "refsource": "CONFIRM", + "url": "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog" + }, + { + "name": "41321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41321" + }, + { + "name": "[ruby-talk] 20100702 Re: [ANN][Security] Ruby 1.9.1-p429 is out", + "refsource": "MLIST", + "url": "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html" + }, + { + "name": "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", + "refsource": "CONFIRM", + "url": "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog" + }, + { + "name": "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2659.json b/2010/2xxx/CVE-2010-2659.json index f7581d40649..ec344c134b3 100644 --- a/2010/2xxx/CVE-2010-2659.json 
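Review bot: The ten `reference_data` entries on the new side are the same ten as on the old side, only in a different order (the `OSVDB` entry `66040` now comes first and the oss-security `…/07/02/1` post moved to fifth). The reordering carries no information and makes it hard to confirm that no reference was dropped or had its `url` altered. The CVE-2010-2659, CVE-2010-3591, CVE-2010-3739, CVE-2011-0405, CVE-2011-0482 and CVE-2011-1112 hunks show the same shuffle. The exporter should write the array in a stable order, for example sorted by `refsource` then `name`, or keep the stored order, so that a sync diff shows only added, removed or edited references. Presumably the order comes from an unordered collection in the generator; that is not visible here.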
+++ b/2010/2xxx/CVE-2010-2659.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1052/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1052/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1060/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1050/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1050/" - }, - { - "name" : "http://www.opera.com/support/search/view/959/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/959/" - }, - { - "name" : "oval:org.mitre.oval:def:11096", - "refsource" : 
"OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11096" - }, - { - "name" : "ADV-2010-1673", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1673", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1673" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1050/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1050/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1052/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1052/" + }, + { + "name": "oval:org.mitre.oval:def:11096", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11096" + }, + { + "name": "http://www.opera.com/support/search/view/959/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/959/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1060/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3535.json b/2010/3xxx/CVE-2010-3535.json index 8ffc327a312..b6085dd3f5c 100644 --- a/2010/3xxx/CVE-2010-3535.json +++ b/2010/3xxx/CVE-2010-3535.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - }, - { - "name" : "1024572", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Directory Server 
Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + }, + { + "name": "1024572", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024572" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3591.json b/2010/3xxx/CVE-2010-3591.json index da6bc56a212..e3c2b1cb6a5 100644 --- a/2010/3xxx/CVE-2010-3591.json +++ b/2010/3xxx/CVE-2010-3591.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110125 [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515959/100/0/threaded" - }, - { - "name" : "16055", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16055" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=305", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=305" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45851" - }, - { - "name" : "1024981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024981" - }, - { - "name" : "42976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42976" - }, - { - "name" : "ADV-2011-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0143" - }, - { - "name" : "oracle-document-internaloperations-code-exec(64768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability 
in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0143" + }, + { + "name": "16055", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16055" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=305", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=305" + }, + { + "name": "1024981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024981" + }, + { + "name": "20110125 [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515959/100/0/threaded" + }, + { + "name": "oracle-document-internaloperations-code-exec(64768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64768" + }, + { + "name": "42976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42976" + }, + { + "name": "45851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45851" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No 
newline at end of file diff --git a/2010/3xxx/CVE-2010-3739.json b/2010/3xxx/CVE-2010-3739.json index 5da14b289f2..f79ab1967ec 100644 --- a/2010/3xxx/CVE-2010-3739.json +++ b/2010/3xxx/CVE-2010-3739.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "JR34218", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses 
instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR34218", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218" + }, + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0405.json b/2011/0xxx/CVE-2011-0405.json index aef598ea50a..f1ff165b9d6 100644 --- a/2011/0xxx/CVE-2011-0405.json +++ b/2011/0xxx/CVE-2011-0405.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15913", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15913" - }, - { - "name" : "http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059" - }, - { - "name" : "http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081" - }, - { - "name" : "45674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45674" - }, - { - "name" : "70295", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/70295" - }, - { - "name" : "42786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42786" - }, - { - "name" : "ADV-2011-0036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0036" - }, - { - "name" : "phpgedview-module-file-include(64733)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059" + }, + { + "name": "ADV-2011-0036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0036" + }, + { + "name": "70295", + "refsource": "OSVDB", + "url": "http://osvdb.org/70295" + }, + { + "name": "15913", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15913" + }, + { + "name": "phpgedview-module-file-include(64733)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64733" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081" + }, + { + "name": "42786", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/42786" + }, + { + "name": "45674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45674" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0482.json b/2011/0xxx/CVE-2011-0482.json index 32fde8547cf..8f01a56fab0 100644 --- a/2011/0xxx/CVE-2011-0482.json +++ b/2011/0xxx/CVE-2011-0482.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=68178", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=68178" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" - }, - { - "name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", - "refsource" : "CONFIRM", - "url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" - }, - { - "name" : "DSA-2188", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2011/dsa-2188" - }, - { - "name" : "SUSE-SR:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" - }, - { - "name" : "45788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45788" - }, - { - "name" : "70465", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70465" - }, - { - "name" : "oval:org.mitre.oval:def:14662", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14662" - }, - { - "name" : "42951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42951" - }, - { - "name" : "chrome-anchors-dos(64673)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" + }, + { + "name": "chrome-anchors-dos(64673)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64673" + }, + { + "name": "45788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45788" + }, + { + "name": "oval:org.mitre.oval:def:14662", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14662" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=68178", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=68178" + }, + { + "name": "70465", + "refsource": "OSVDB", + "url": "http://osvdb.org/70465" + }, + { + "name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", + "refsource": "CONFIRM", + "url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" + }, + { + "name": "DSA-2188", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2188" + }, + { + "name": "42951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42951" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0906.json b/2011/0xxx/CVE-2011-0906.json index 5f771fad6d0..2a1f9ae937c 100644 --- a/2011/0xxx/CVE-2011-0906.json +++ b/2011/0xxx/CVE-2011-0906.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0906", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0906", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0970.json b/2011/0xxx/CVE-2011-0970.json index 98eac87bfac..756ddbf8801 100644 --- a/2011/0xxx/CVE-2011-0970.json +++ b/2011/0xxx/CVE-2011-0970.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0970", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0970", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1112.json b/2011/1xxx/CVE-2011-1112.json index 4e432c69e71..bb155dabff4 100644 --- a/2011/1xxx/CVE-2011-1112.json +++ b/2011/1xxx/CVE-2011-1112.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1112",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-1112",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://code.google.com/p/chromium/issues/detail?id=70244",
- "refsource" : "CONFIRM",
- "url" : "http://code.google.com/p/chromium/issues/detail?id=70244"
- },
- {
- "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
- "refsource" : "CONFIRM",
- "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
- },
- {
- "name" : "46614",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/46614"
- },
- {
- "name" : "oval:org.mitre.oval:def:14648",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14648"
- },
- {
- "name" : "google-chrome-svgcontent-code-exec(65730)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65730"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:14648",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14648"
+ },
+ {
+ "name": "46614",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/46614"
+ },
+ {
+ "name": "http://code.google.com/p/chromium/issues/detail?id=70244",
+ "refsource": "CONFIRM",
+ "url": "http://code.google.com/p/chromium/issues/detail?id=70244"
+ },
+ {
+ "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
+ "refsource": "CONFIRM",
+ "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
+ },
+ {
+ "name": "google-chrome-svgcontent-code-exec(65730)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65730"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1783.json b/2011/1xxx/CVE-2011-1783.json
index 2f51ecd33d6..11a67ff04d6 100644
--- a/2011/1xxx/CVE-2011-1783.json
+++ b/2011/1xxx/CVE-2011-1783.json
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt" - }, - { - "name" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=709112", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=709112" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : 
"CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "DSA-2251", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2251" - }, - { - "name" : "FEDORA-2011-8341", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html" - }, - { - "name" : "FEDORA-2011-8352", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html" - }, - { - "name" : "MDVSA-2011:106", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106" - }, - { - "name" : "RHSA-2011:0862", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0862.html" - }, - { - "name" : "USN-1144-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1144-1" - }, - { - "name" : "48091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48091" - }, - { - "name" : "oval:org.mitre.oval:def:18889", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889" - }, - { - "name" : "1025618", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025618" - }, - { - "name" : "44633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44633" - }, - { - "name" : "44681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44681" - }, - { - "name" : "45162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45162" - }, - { - "name" : "44849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44849" - }, - { - "name" : "44888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44888" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2251", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2251" + }, + { + "name": "USN-1144-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1144-1" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "MDVSA-2011:106", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106" + }, + { + "name": "44849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44849" + }, + { + "name": "RHSA-2011:0862", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0862.html" + }, + { + "name": "FEDORA-2011-8341", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html" + }, + { + "name": "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt" + }, + { + "name": "oval:org.mitre.oval:def:18889", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709112", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=709112" + }, + { + "name": "44888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44888" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "45162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45162" + }, + { + "name": "1025618", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025618" + }, + { + "name": "44681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44681" + }, + { + "name": "48091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48091" + }, + { + "name": "FEDORA-2011-8352", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html" + }, + { + "name": "44633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44633" + }, + { + "name": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1879.json b/2011/1xxx/CVE-2011-1879.json index f1d48bc2668..0ed721e5d2c 100644 --- a/2011/1xxx/CVE-2011-1879.json +++ b/2011/1xxx/CVE-2011-1879.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100144947", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144947" - }, - { - "name" : "MS11-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "48593", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/48593" - }, - { - "name" : "73781", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73781" - }, - { - "name" : "oval:org.mitre.oval:def:11946", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11946" - }, - { - "name" : "1025761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025761" - }, - { - "name" : "45186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48593" + }, + { + "name": "MS11-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144947", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144947" + }, + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": "45186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45186" + }, + { + "name": 
"oval:org.mitre.oval:def:11946", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11946" + }, + { + "name": "1025761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025761" + }, + { + "name": "73781", + "refsource": "OSVDB", + "url": "http://osvdb.org/73781" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5008.json b/2011/5xxx/CVE-2011-5008.json index 3d5a6c6a51c..a2253891dc4 100644 --- a/2011/5xxx/CVE-2011-5008.json +++ b/2011/5xxx/CVE-2011-5008.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2011/Nov/178" - }, - { - "name" : "http://aluigi.altervista.org/adv/codesys_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/codesys_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf" - }, - { - "name" : "77386", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77386" - }, - { - "name" : "47018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47018" - }, - { - "name" : 
"codesys-gatewayservice-bo(71531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf" + }, + { + "name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2011/Nov/178" + }, + { + "name": "47018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47018" + }, + { + "name": "http://aluigi.altervista.org/adv/codesys_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt" + }, + { + "name": "77386", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77386" + }, + { + "name": "codesys-gatewayservice-bo(71531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3432.json b/2014/3xxx/CVE-2014-3432.json index 71c21ed7e78..567b6ba7b2e 100644 --- a/2014/3xxx/CVE-2014-3432.json +++ b/2014/3xxx/CVE-2014-3432.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-3432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00" - }, - { - "name" : "68160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68160" - }, - { - "name" : "1030472", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030472" - }, - { - "name" : "59538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59538" - }, - { - "name" : "59561", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/59561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68160" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00" + }, + { + "name": "59561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59561" + }, + { + "name": "59538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59538" + }, + { + "name": "1030472", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030472" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3630.json b/2014/3xxx/CVE-2014-3630.json index 3cd242dc16e..978820a2795 100644 --- a/2014/3xxx/CVE-2014-3630.json +++ b/2014/3xxx/CVE-2014-3630.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", - "refsource" : "MISC", - "url" : "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf" - }, - { - "name" : "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ" - }, 
- { - "name" : "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ" - }, - { - "name" : "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", - "refsource" : "CONFIRM", - "url" : "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", + "refsource": "MISC", + "url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf" + }, + { + "name": "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ" + }, + { + "name": "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ" + }, + { + "name": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", + 
"refsource": "CONFIRM", + "url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3924.json b/2014/3xxx/CVE-2014-3924.json index b1de441be86..f93d61c155d 100644 --- a/2014/3xxx/CVE-2014-3924.json +++ b/2014/3xxx/CVE-2014-3924.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.webmin.com/changes.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/changes.html" - }, - { - "name" : "http://www.webmin.com/uchanges.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/uchanges.html" - }, - { - "name" : "67647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67647" - }, - { - "name" : "67649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67649" - }, - { - "name" : "1030296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030296" - }, - { - "name" : "1030297", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030297" - }, - { - "name" : "58917", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/58917" - }, - { - "name" : "58919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.webmin.com/changes.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/changes.html" + }, + { + "name": "58917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58917" + }, + { + "name": "58919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58919" + }, + { + "name": "67649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67649" + }, + { + "name": "http://www.webmin.com/uchanges.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/uchanges.html" + }, + { + "name": "1030296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030296" + }, + { + "name": "1030297", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030297" + }, + { + "name": "67647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67647" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6117.json b/2014/6xxx/CVE-2014-6117.json index b38c0ab31ae..53b10f33a6f 100644 --- a/2014/6xxx/CVE-2014-6117.json +++ b/2014/6xxx/CVE-2014-6117.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-6117",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-6117",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/6xxx/CVE-2014-6544.json b/2014/6xxx/CVE-2014-6544.json
index aeb6ffc8709..7341e21201d 100644
--- a/2014/6xxx/CVE-2014-6544.json
+++ b/2014/6xxx/CVE-2014-6544.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-4289." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via 
unknown vectors, a different vulnerability than CVE-2014-4289." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70553" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6760.json b/2014/6xxx/CVE-2014-6760.json index 40598daf8c5..f56c68b2a3d 100644 --- a/2014/6xxx/CVE-2014-6760.json +++ b/2014/6xxx/CVE-2014-6760.json 
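Review bot: The one substantive edit in this hunk, `"ASSIGNER": "secalert_us@oracle.com"` replacing `cve@mitre.org`, is buried in a whole-file rewrite that also respaces every key (`" : "` to `": "`) and swaps the two `reference_data` entries without changing their content. Anyone auditing the feed for changes in assigner attribution cannot pick that out of the text diff, and the same pattern appears in the CVE-2014-6760, CVE-2014-6862, CVE-2014-6885 and CVE-2014-8106 hunks. I would keep `reference_data` in its previous order (the CONFIRM entry, then BID `70553`) so that only the changed field shows up. I would also end the file with a newline to clear the `\ No newline at end of file` marker.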
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#234721", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/234721" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Harem Thief Dating (aka 
com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#234721", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/234721" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6862.json b/2014/6xxx/CVE-2014-6862.json index 1f051b88daf..67c203e4d67 100644 --- a/2014/6xxx/CVE-2014-6862.json +++ b/2014/6xxx/CVE-2014-6862.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#244137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/244137" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ArtAcces (aka cat.gencat.mobi.artacces) 
application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#244137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/244137" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6885.json b/2014/6xxx/CVE-2014-6885.json index 6fa85641fcb..0f0bcb73aee 100644 --- a/2014/6xxx/CVE-2014-6885.json +++ b/2014/6xxx/CVE-2014-6885.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#274409", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/274409" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Academy Sports 
+ Outdoors Visa (aka com.usbank.icsmobile.academysports) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#274409", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/274409" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7662.json b/2014/7xxx/CVE-2014-7662.json index ef5849b7c13..7abeac5a26f 100644 --- a/2014/7xxx/CVE-2014-7662.json +++ b/2014/7xxx/CVE-2014-7662.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7662", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7662", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7975.json b/2014/7xxx/CVE-2014-7975.json index 66c91f7b0b1..b3c9ae33932 100644 --- a/2014/7xxx/CVE-2014-7975.json +++ b/2014/7xxx/CVE-2014-7975.json 
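Review bot: The new side of CVE-2014-7662.json serialises its keys in a different order from the other records in this commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the neighbouring records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but a consumer that tracks changes by text diff or file hash will see this REJECT record as modified although no value in it changed. Writing it with the same key order as the sibling files (`CVE_data_meta` first, then `data_format`, `data_type`, `data_version`, `description`) would keep the feed stable.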
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141008 CVE-2014-7975: 0-day umount denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/08/22" - }, - { - "name" : "[stable] 20141008 [PATCH] fs: Add a missing permission check to do_umount", - "refsource" : "MLIST", - "url" : "http://thread.gmane.org/gmane.linux.kernel.stable/109312" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151108", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151108" - }, - { - "name" : 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5" - }, - { - "name" : "RHSA-2017:1842", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1842" - }, - { - "name" : "RHSA-2017:2077", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2077" - }, - { - "name" : "USN-2415-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2415-1" - }, - { - "name" : "USN-2416-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2416-1" - }, - { - "name" : "USN-2419-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2419-1" - }, - { - "name" : "USN-2420-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2420-1" - }, - { - "name" : "USN-2421-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2421-1" - }, - { - "name" : "USN-2417-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2417-1" - }, - { - "name" : "USN-2418-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2418-1" - }, - { - "name" : "70314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70314" - }, - { - "name" : "1031180", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031180" - }, - { - "name" : "61145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61145" - }, - { - "name" : "60174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60174" - }, - { - "name" : "62633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62633" - }, - { - "name" : "62634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62634" - }, - { - "name" : "linux-kernel-cve20147975-dos(96994)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2418-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2418-1" + }, + { + "name": "61145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61145" + }, + { + "name": "linux-kernel-cve20147975-dos(96994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96994" + }, + { + "name": "USN-2416-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2416-1" + }, + { + "name": "USN-2417-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2417-1" + }, + { + "name": "USN-2415-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2415-1" + }, + { + "name": "USN-2419-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2419-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5" + }, + { + "name": "1031180", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031180" + }, + { + "name": 
"60174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60174" + }, + { + "name": "USN-2421-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2421-1" + }, + { + "name": "USN-2420-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2420-1" + }, + { + "name": "RHSA-2017:2077", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2077" + }, + { + "name": "RHSA-2017:1842", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1842" + }, + { + "name": "62633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62633" + }, + { + "name": "[oss-security] 20141008 CVE-2014-7975: 0-day umount denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/08/22" + }, + { + "name": "62634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62634" + }, + { + "name": "[stable] 20141008 [PATCH] fs: Add a missing permission check to do_umount", + "refsource": "MLIST", + "url": "http://thread.gmane.org/gmane.linux.kernel.stable/109312" + }, + { + "name": "70314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70314" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1151108", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151108" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8106.json b/2014/8xxx/CVE-2014-8106.json index 38801139aed..3e9f62824d5 100644 --- a/2014/8xxx/CVE-2014-8106.json +++ b/2014/8xxx/CVE-2014-8106.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html" - }, - { - "name" : "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/04/8" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=bf25983345ca44aec3dd92c57142be45452bd38a", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=bf25983345ca44aec3dd92c57142be45452bd38a" - }, - { - "name" : 
"http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0" - }, - { - "name" : "http://support.citrix.com/article/CTX200892", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX200892" - }, - { - "name" : "DSA-3087", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3087" - }, - { - "name" : "DSA-3088", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3088" - }, - { - "name" : "FEDORA-2015-5482", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html" - }, - { - "name" : "RHSA-2015:0643", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0643.html" - }, - { - "name" : "RHSA-2015:0349", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0349.html" - }, - { - "name" : "RHSA-2015:0624", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0624.html" - }, - { - "name" : "RHSA-2015:0795", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0795.html" - }, - { - "name" : "RHSA-2015:0867", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0867.html" - }, - { - "name" : "RHSA-2015:0868", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0868.html" - }, - { - "name" : "RHSA-2015:0891", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0891.html" - }, - { - "name" : "71477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71477" - }, - { - "name" : "60364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60364" - }, - { - "name" : "qemu-cve20148106-sec-bypass(99126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/04/8" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=bf25983345ca44aec3dd92c57142be45452bd38a", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=bf25983345ca44aec3dd92c57142be45452bd38a" + }, + { + "name": "RHSA-2015:0795", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html" + }, + { + "name": "RHSA-2015:0624", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html" + }, + { + "name": "FEDORA-2015-5482", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html" + }, + { + "name": "RHSA-2015:0891", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html" + }, + { + "name": "71477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71477" + }, + { + "name": "RHSA-2015:0643", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html" + }, + { + "name": "qemu-cve20148106-sec-bypass(99126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126" + }, + { + "name": "60364", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/60364" + }, + { + "name": "RHSA-2015:0349", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html" + }, + { + "name": "RHSA-2015:0868", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html" + }, + { + "name": "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0" + }, + { + "name": "DSA-3088", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3088" + }, + { + "name": "http://support.citrix.com/article/CTX200892", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX200892" + }, + { + "name": "DSA-3087", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3087" + }, + { + "name": "RHSA-2015:0867", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2141.json b/2016/2xxx/CVE-2016-2141.json index c163f405668..f16659aabdd 100644 --- a/2016/2xxx/CVE-2016-2141.json +++ b/2016/2xxx/CVE-2016-2141.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.jboss.org/browse/JGRP-2021", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/JGRP-2021" - }, - { - "name" : "RHSA-2016:1328", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2016-1328.html" - }, - { - "name" : "RHSA-2016:1329", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2016-1329.html" - }, - { - "name" : "RHSA-2016:1330", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2016-1330.html" - }, - { - "name" : "RHSA-2016:1331", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2016-1331.html" - }, - { - "name" : 
"RHSA-2016:1332", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2016-1332.html" - }, - { - "name" : "RHSA-2016:1333", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2016-1333.html" - }, - { - "name" : "RHSA-2016:1334", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2016-1334.html" - }, - { - "name" : "RHSA-2016:1345", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1345" - }, - { - "name" : "RHSA-2016:1346", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1346" - }, - { - "name" : "RHSA-2016:1347", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1347" - }, - { - "name" : "RHSA-2016:1374", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1374" - }, - { - "name" : "RHSA-2016:1389", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1389" - }, - { - "name" : "RHSA-2016:1433", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1433" - }, - { - "name" : "RHSA-2016:1434", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1434" - }, - { - "name" : "RHSA-2016:1435", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1435.html" - }, - { - "name" : "RHSA-2016:1432", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1432" - }, - { - "name" : "RHSA-2016:1439", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1439.html" - }, - { - "name" : "RHSA-2016:1376", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1376" - }, - { - "name" : "RHSA-2016:2035", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2035.html" - }, - { - "name" : "91481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91481" - }, - { - "name" : "1036165", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1036165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1347", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1347" + }, + { + "name": "RHSA-2016:2035", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html" + }, + { + "name": "RHSA-2016:1389", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1389" + }, + { + "name": "RHSA-2016:1345", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1345" + }, + { + "name": "RHSA-2016:1376", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1376" + }, + { + "name": "RHSA-2016:1330", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2016-1330.html" + }, + { + "name": "RHSA-2016:1439", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1439.html" + }, + { + "name": "RHSA-2016:1331", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2016-1331.html" + }, + { + "name": "91481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91481" + }, + { + "name": "RHSA-2016:1434", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1434" + }, + { + "name": "RHSA-2016:1328", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2016-1328.html" + }, + { + 
"name": "RHSA-2016:1433", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1433" + }, + { + "name": "https://issues.jboss.org/browse/JGRP-2021", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/JGRP-2021" + }, + { + "name": "RHSA-2016:1374", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1374" + }, + { + "name": "RHSA-2016:1432", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1432" + }, + { + "name": "RHSA-2016:1346", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1346" + }, + { + "name": "RHSA-2016:1334", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2016-1334.html" + }, + { + "name": "RHSA-2016:1333", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2016-1333.html" + }, + { + "name": "RHSA-2016:1329", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2016-1329.html" + }, + { + "name": "RHSA-2016:1332", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2016-1332.html" + }, + { + "name": "RHSA-2016:1435", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html" + }, + { + "name": "1036165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036165" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2431.json b/2016/2xxx/CVE-2016-2431.json index 1376c91bcca..2d784674544 100644 --- a/2016/2xxx/CVE-2016-2431.json +++ b/2016/2xxx/CVE-2016-2431.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2564.json b/2016/2xxx/CVE-2016-2564.json index 3311be6f887..8788a1e0fb1 100644 --- a/2016/2xxx/CVE-2016-2564.json +++ b/2016/2xxx/CVE-2016-2564.json 
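Review bot: The `ASSIGNER` value in CVE-2016-2431.json changes from `cve@mitre.org` to `security@android.com`, and apart from the dropped trailing newline it is the only content change in this hunk; every other line differs only in the spacing before `:`. A provenance change like this is easy to miss inside a bulk reformat, and any consumer that attributes records to a CNA by `ASSIGNER` will see this record change owner. I would land the whitespace normalisation separately from data changes, or at least name the reassignment in the commit message, which currently says only "-Synchronized-Data.".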
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://invisionpower.com/release-notes/419-r37/", - "refsource" : "MISC", - "url" : "https://invisionpower.com/release-notes/419-r37/" - }, - { - "name" : "https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9", - "refsource" : "MISC", - "url" : "https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invision Power Services (IPS) Community Suite before 4.1.9 makes 
session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9", + "refsource": "MISC", + "url": "https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9" + }, + { + "name": "https://invisionpower.com/release-notes/419-r37/", + "refsource": "MISC", + "url": "https://invisionpower.com/release-notes/419-r37/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2930.json b/2016/2xxx/CVE-2016-2930.json index 095161a399b..c52d6f297ec 100644 --- a/2016/2xxx/CVE-2016-2930.json +++ b/2016/2xxx/CVE-2016-2930.json 
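Review bot: The two `reference_data` entries in CVE-2016-2564.json are swapped with no change to their `name`, `refsource` or `url`, so the array is rewritten although the data is the same. The same reshuffle appears in the CVE-2016-2141, CVE-2016-2930, CVE-2016-2976, CVE-2016-6096, CVE-2017-18087 and CVE-2017-1255 hunks. Nothing visible in the diff suggests the order carries meaning, so emitting references in a deterministic order (for example sorted by `refsource`, then `name`) would keep future syncs diffable. It would also make an advisory link that is really added or removed stand out.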
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-2930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Remote Control", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Remote Control", + "version": { + "version_data": [ + { + "version_value": "9.1.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22002331", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22002331" - }, - { - "name" : "98304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98304" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22002331", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22002331" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2976.json b/2016/2xxx/CVE-2016-2976.json index 3977703cceb..ee318d14574 100644 --- a/2016/2xxx/CVE-2016-2976.json +++ b/2016/2xxx/CVE-2016-2976.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-25T00:00:00", - "ID" : "CVE-2016-2976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-25T00:00:00", + "ID": "CVE-2016-2976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113936", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113936" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006441", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006441" 
- }, - { - "name" : "100572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006441", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006441" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113936", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113936" + }, + { + "name": "100572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100572" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6096.json b/2016/6xxx/CVE-2016-6096.json index 199d22ec3d2..c5ac5da5558 100644 --- a/2016/6xxx/CVE-2016-6096.json +++ b/2016/6xxx/CVE-2016-6096.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.5" - }, - { - "version_value" : "1.0" - }, - { - "version_value" : "2.0" - }, - { - "version_value" : "2.0.1" - }, - { - "version_value" : "2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.5" + }, + { + "version_value": "1.0" + }, + { + "version_value": "2.0" + }, + { + "version_value": "2.0.1" + }, + { + "version_value": "2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997984", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997984" - }, - { - "name" : "95983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95983" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95983" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997984", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997984" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18087.json b/2017/18xxx/CVE-2017-18087.json index c8d75170611..2157ecad66a 100644 --- a/2017/18xxx/CVE-2017-18087.json +++ b/2017/18xxx/CVE-2017-18087.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-15T00:00:00", - "ID" : "CVE-2017-18087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bitbucket Server", - "version" : { - "version_data" : [ - { - "version_value" : "from 5.1.0 prior to 5.1.7" - }, - { - "version_value" : "from 5.2.0 prior to 5.2.5" - }, - { - "version_value" : "from 5.3.0 prior to 5.3.3" - }, - { - "version_value" : "from 5.4.0 prior to 5.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Argument Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-15T00:00:00", + "ID": "CVE-2017-18087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "from 5.1.0 prior to 5.1.7" + }, + { + "version_value": "from 5.2.0 prior to 5.2.5" + }, + { + "version_value": "from 5.3.0 prior to 5.3.3" + }, + { + "version_value": "from 5.4.0 prior to 5.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/BSERV-10593", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/BSERV-10593" - }, - { - "name" : "103038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Argument Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103038" + }, + { + "name": "https://jira.atlassian.com/browse/BSERV-10593", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/BSERV-10593" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18210.json b/2017/18xxx/CVE-2017-18210.json index 7db1b0c0cd4..e857e67035e 100644 --- a/2017/18xxx/CVE-2017-18210.json +++ b/2017/18xxx/CVE-2017-18210.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/791", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/791" - }, - { - "name" : "103212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/791", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/791" + }, + { + "name": "103212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103212" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1255.json b/2017/1xxx/CVE-2017-1255.json index 50f0b8de620..4f0d443750f 100644 --- a/2017/1xxx/CVE-2017-1255.json +++ b/2017/1xxx/CVE-2017-1255.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-04-30T00:00:00", - "ID" : "CVE-2017-1255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "10.1.2" - }, - { - "version_value" : "10.1.3" - }, - { - "version_value" : "10.1.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-04-30T00:00:00", + "ID": "CVE-2017-1255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "10.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.1" + }, + { + "version_value": "10.1.2" + }, + { + "version_value": "10.1.3" + }, + { + "version_value": "10.1.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014537", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014537" - }, - { - "name" : "ibm-guardium-cve20171255-info-disc(124675)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-guardium-cve20171255-info-disc(124675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124675" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22014537", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22014537" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1443.json b/2017/1xxx/CVE-2017-1443.json index bf69a227d57..211e6d78f96 100644 --- a/2017/1xxx/CVE-2017-1443.json +++ b/2017/1xxx/CVE-2017-1443.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-28T00:00:00", - "ID" : "CVE-2017-1443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Services Procurement", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-28T00:00:00", + "ID": "CVE-2017-1443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Services Procurement", + "version": { + "version_data": [ + { + "version_value": "10.0.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128109", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128109" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005550", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005550" - }, - { - "name" : "99542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99542" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128109", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128109" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550" + }, + { + "name": "99542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99542" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1643.json b/2017/1xxx/CVE-2017-1643.json index 77e9141cae2..a42163a3b20 100644 --- a/2017/1xxx/CVE-2017-1643.json +++ b/2017/1xxx/CVE-2017-1643.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1643",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1643",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5261.json b/2017/5xxx/CVE-2017-5261.json
index 265194d2f3a..8e0182bd206 100644
--- a/2017/5xxx/CVE-2017-5261.json
+++ b/2017/5xxx/CVE-2017-5261.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cnPilot", - "version" : { - "version_data" : [ - { - "version_value" : "4.3.2-R4 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Cambium Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-472 (External Control of Assumed-Immutable Web Parameter)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cnPilot", + "version": { + "version_data": [ + { + "version_value": "4.3.2-R4 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Cambium Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal 
vulnerability, accessible to all authenticated users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-472 (External Control of Assumed-Immutable Web Parameter)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5278.json b/2017/5xxx/CVE-2017-5278.json index e75dcc94551..5b70ae2abd7 100644 --- a/2017/5xxx/CVE-2017-5278.json +++ b/2017/5xxx/CVE-2017-5278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5278", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5278", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5641.json b/2017/5xxx/CVE-2017-5641.json index 065442ad930..2bc03b0f9db 100644 --- a/2017/5xxx/CVE-2017-5641.json +++ b/2017/5xxx/CVE-2017-5641.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-03-27T00:00:00", - "ID" : "CVE-2017-5641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Flex Blaze DS", - "version" : { - "version_data" : [ - { - "version_value" : "before 4.7.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-03-27T00:00:00", + "ID": "CVE-2017-5641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Flex Blaze DS", + "version": { + "version_data": [ + { + "version_value": "before 4.7.3" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[flex-dev] 20170327 [VOTE] Release Apache Flex BlazeDS 4.7.3", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/flex-dev/201703.mbox/%3C6B86C8D0-6E36-48F5-AC81-4AB3978F6746@c-ware.de%3E" - }, - { - "name" : "https://issues.apache.org/jira/browse/FLEX-35290", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/FLEX-35290" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us" - }, - { - "name" : "VU#307983", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/307983" - }, - { - "name" : "97383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97383" - }, - { - "name" : "1038273", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. 
During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#307983", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/307983" + }, + { + "name": "97383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97383" + }, + { + "name": "1038273", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038273" + }, + { + "name": "[flex-dev] 20170327 [VOTE] Release Apache Flex BlazeDS 4.7.3", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/flex-dev/201703.mbox/%3C6B86C8D0-6E36-48F5-AC81-4AB3978F6746@c-ware.de%3E" + }, + { + "name": "https://issues.apache.org/jira/browse/FLEX-35290", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/FLEX-35290" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us" + } + ] + } +} \ No newline at end of file