diff --git a/2006/0xxx/CVE-2006-0183.json b/2006/0xxx/CVE-2006-0183.json index 939295085db..a49fcaeee99 100644 --- a/2006/0xxx/CVE-2006-0183.json +++ b/2006/0xxx/CVE-2006-0183.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421744/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/25/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/25/summary.html" - }, - { - "name" : "ADV-2006-0152", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0152" - }, - { - "name" : "22345", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22345" - }, - { - "name" : "18432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18432" - }, - { - "name" : "343", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/343" - }, - { - "name" : "acal-header-footer-code-execute(24107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22345", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22345" + }, + { + "name": "343", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/343" + }, + { + "name": "http://evuln.com/vulns/25/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/25/summary.html" + }, + { + "name": "ADV-2006-0152", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0152" + }, + { + "name": "18432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18432" + }, + { + "name": "20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421744/100/0/threaded" + }, + { + "name": "acal-header-footer-code-execute(24107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24107" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0344.json b/2006/0xxx/CVE-2006-0344.json index c7147423a68..1bc6b35cdca 100644 --- a/2006/0xxx/CVE-2006-0344.json +++ b/2006/0xxx/CVE-2006-0344.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nii.co.in/vuln/filecopa.html", - "refsource" : "MISC", - "url" : "http://www.nii.co.in/vuln/filecopa.html" - }, - { - "name" : "16335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16335" - }, - { - "name" : "ADV-2006-0285", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0285" - }, - { - "name" : "22694", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22694" - }, - { - "name" : "18550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18550" - }, - { - "name" : "filecopa-ftp-directory-traversal(24257)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18550" + }, + { + "name": "filecopa-ftp-directory-traversal(24257)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257" + }, + { + "name": "http://www.nii.co.in/vuln/filecopa.html", + "refsource": "MISC", + "url": "http://www.nii.co.in/vuln/filecopa.html" + }, + { + "name": "22694", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22694" + }, + { + "name": "ADV-2006-0285", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0285" + }, + { + "name": "16335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16335" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0663.json b/2006/0xxx/CVE-2006-0663.json index 08b30761bc6..9d69128cdb2 100644 --- a/2006/0xxx/CVE-2006-0663.json +++ b/2006/0xxx/CVE-2006-0663.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using \"java script:\"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2005-38/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-38/advisory/" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919" - }, - { - "name" : "16577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16577" - }, - { - "name" : "ADV-2006-0499", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0499" - }, - { - "name" : "23077", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23077" - }, - { - "name" : "23078", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23078" - }, - { - "name" : "23079", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23079" - }, - { - "name" : "1015610", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015610" - }, - { - "name" : "16340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16340" - }, - { - "name" : "domino-webaccess-attachment-xss(24611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24611" - }, - { - "name" : "domino-webaccess-filename-xss(24614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24614" - }, - { - "name" : "domino-webaccess-javascript-xss(24613)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using \"java script:\"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2005-38/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-38/advisory/" + }, + { + "name": "ADV-2006-0499", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0499" + }, + { + "name": "domino-webaccess-filename-xss(24614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24614" + }, + { + "name": "domino-webaccess-attachment-xss(24611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24611" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919" + }, + { + "name": "23079", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23079" + }, + { + "name": "23077", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23077" + }, + { + "name": "16577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16577" + }, + { + "name": "23078", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23078" + }, + { + "name": "domino-webaccess-javascript-xss(24613)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24613" + }, + { + "name": "16340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16340" + }, + { + "name": "1015610", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015610" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3377.json b/2006/3xxx/CVE-2006-3377.json index efee08032fd..81070c49ae6 100644 --- a/2006/3xxx/CVE-2006-3377.json +++ b/2006/3xxx/CVE-2006-3377.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060702 [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438941/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/advisory/major_rls19.txt", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/advisory/major_rls19.txt" - }, - { - "name" : "18796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18796" - }, - { - "name" : "ADV-2006-2658", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2658" - }, - { - "name" : "ADV-2006-2659", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2659" - }, - { - "name" : "1016428", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016428" - }, - { - "name" : "1016429", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016429" - }, - { - "name" : "20903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20903" - }, - { - "name" : "20929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20929" - }, - { - "name" : "autorankpro-adminmain-xss(27552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2658", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2658" + }, + { + "name": "20060702 [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438941/100/0/threaded" + }, + { + "name": "1016428", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016428" + }, + { + "name": "20929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20929" + }, + { + "name": "http://www.majorsecurity.de/advisory/major_rls19.txt", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/advisory/major_rls19.txt" + }, + { + "name": "20903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20903" + }, + { + "name": "ADV-2006-2659", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2659" + }, + { + "name": "1016429", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016429" + }, + { + "name": "18796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18796" + }, + { + "name": "autorankpro-adminmain-xss(27552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27552" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3416.json b/2006/3xxx/CVE-2006-3416.json index 422c26a64c4..dca566b5891 100644 --- a/2006/3xxx/CVE-2006-3416.json +++ b/2006/3xxx/CVE-2006-3416.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the \"Security fixes\" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tor.eff.org/cvs/tor/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://tor.eff.org/cvs/tor/ChangeLog" - }, - { - "name" : "GLSA-200606-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml" - }, - { - "name" : "20514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the \"Security fixes\" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20514" + }, + { + "name": "GLSA-200606-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200606-04.xml" + }, + { + "name": "http://tor.eff.org/cvs/tor/ChangeLog", + "refsource": "CONFIRM", + "url": "http://tor.eff.org/cvs/tor/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3892.json b/2006/3xxx/CVE-2006-3892.json index 7d4fa0c34bd..699f81363a9 100644 --- a/2006/3xxx/CVE-2006-3892.json +++ b/2006/3xxx/CVE-2006-3892.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2006-3892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MIMG-6VMLWA", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MIMG-6VMLWA" - }, - { - "name" : "VU#498553", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/498553" - }, - { - "name" : "22789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22789" - }, - { - "name" : "ADV-2007-0816", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0816" - }, - { - "name" : "33853", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33853" - }, - { - "name" : "1017724", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017724" - }, - { - "name" : "24362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24362" + }, + { + "name": "33853", + "refsource": "OSVDB", + "url": "http://osvdb.org/33853" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MIMG-6VMLWA", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MIMG-6VMLWA" + }, + { + "name": "ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt" + }, + { + "name": "22789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22789" + }, + { + "name": "1017724", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017724" + }, + { + "name": "ADV-2007-0816", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0816" + }, + { + "name": "VU#498553", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/498553" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4027.json b/2006/4xxx/CVE-2006-4027.json index de5d61ed01b..15dd0879f1a 100644 --- a/2006/4xxx/CVE-2006-4027.json +++ b/2006/4xxx/CVE-2006-4027.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4027", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4027", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4401.json b/2006/4xxx/CVE-2006-4401.json index 62bb6299478..7ff74dc280a 100644 --- a/2006/4xxx/CVE-2006-4401.json +++ b/2006/4xxx/CVE-2006-4401.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "VU#681056", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/681056" - }, - { - "name" : "21335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21335" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "30736", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30736" - }, - { - "name" : "1017302", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017302" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "VU#681056", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/681056" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "1017302", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017302" + }, + { + "name": "21335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21335" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + }, + { + "name": "30736", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30736" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4605.json b/2006/4xxx/CVE-2006-4605.json index 86ad2c5d2d6..7198e852bf7 100644 --- a/2006/4xxx/CVE-2006-4605.json +++ b/2006/4xxx/CVE-2006-4605.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060902 PHP-Revista Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445007/100/0/threaded" - }, - { - "name" : "20090413 Re: PHP-Revista Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502637/100/0/threaded" - }, - { - "name" : "8425", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8425" - }, - { - "name" : "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2009-April/002167.html" - }, - { - "name" : "19818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19818" - }, - { - "name" : "28443", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28443" - }, - { - "name" : "21738", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21738" - }, - { - "name" : "1499", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19818" + }, + { + "name": "8425", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8425" + }, + { + "name": "20090413 Re: PHP-Revista Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502637/100/0/threaded" + }, + { + "name": "28443", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28443" + }, + { + "name": "1499", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1499" + }, + { + "name": "20060902 PHP-Revista Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445007/100/0/threaded" + }, + { + "name": "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2009-April/002167.html" + }, + { + "name": "21738", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21738" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4671.json b/2006/4xxx/CVE-2006-4671.json index 6c9ed074497..25ac6168704 100644 --- a/2006/4xxx/CVE-2006-4671.json +++ b/2006/4xxx/CVE-2006-4671.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3027", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3027" - }, - { - "name" : "21796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21796" - }, - { - "name" : "ADV-2006-3513", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3513" - }, - { - "name" : "21807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21807" - }, - { - "name" : "23519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23519" - }, - { - "name" : "fantasticnews-configscriptpath-file-include(31121)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21807" + }, + { + "name": "ADV-2006-3513", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3513" + }, + { + "name": "23519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23519" + }, + { + "name": "fantasticnews-configscriptpath-file-include(31121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31121" + }, + { + "name": "3027", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3027" + }, + { + "name": "21796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21796" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4761.json b/2006/4xxx/CVE-2006-4761.json index 7e541da16b8..31a1d1ee631 100644 --- a/2006/4xxx/CVE-2006-4761.json +++ b/2006/4xxx/CVE-2006-4761.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cgisecurity.com/papers/RSS-Security.ppt", - "refsource" : "MISC", - "url" : "http://www.cgisecurity.com/papers/RSS-Security.ppt" - }, - { - "name" : "20128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20128" - }, - { - "name" : "ADV-2006-3712", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3712" - }, - { - "name" : "21963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21963" - }, - { - "name" : "sharpreader-atomrss-feed-xss(29073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20128" + }, + { + "name": "http://www.cgisecurity.com/papers/RSS-Security.ppt", + "refsource": "MISC", + "url": "http://www.cgisecurity.com/papers/RSS-Security.ppt" + }, + { + "name": "21963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21963" + }, + { + "name": "ADV-2006-3712", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3712" + }, + { + "name": "sharpreader-atomrss-feed-xss(29073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29073" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7134.json b/2006/7xxx/CVE-2006-7134.json index 4bf9275969f..9c259365da4 100644 --- a/2006/7xxx/CVE-2006-7134.json +++ b/2006/7xxx/CVE-2006-7134.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21150" - }, - { - "name" : "ADV-2006-4575", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4575" - }, - { - "name" : "22973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22973" - }, - { - "name" : "utp-mainuser-file-upload(30365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22973" + }, + { + "name": "21150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21150" + }, + { + "name": "ADV-2006-4575", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4575" + }, + { + "name": "utp-mainuser-file-upload(30365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30365" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2003.json b/2010/2xxx/CVE-2010-2003.json index ed0a1d7c914..93df166913f 100644 --- a/2010/2xxx/CVE-2010-2003.json +++ b/2010/2xxx/CVE-2010-2003.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100510 XSS vulnerability in Advanced Poll", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511210/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1005-exploits/advancedpoll208-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/advancedpoll208-xss.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html" - }, - { - "name" : "40045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40045" - }, - { - "name" : "64524", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64524" - }, - { - "name" : "39768", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39768" - }, - { - "name" : "advancedpoll-getadmin-xss(58503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64524", + "refsource": "OSVDB", + "url": "http://osvdb.org/64524" + }, + { + "name": "advancedpoll-getadmin-xss(58503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58503" + }, + { + "name": "40045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40045" + }, + { + "name": "20100510 XSS vulnerability in Advanced Poll", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511210/100/0/threaded" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/advancedpoll208-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/advancedpoll208-xss.txt" + }, + { + "name": "39768", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39768" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2047.json b/2010/2xxx/CVE-2010-2047.json index e3c078b5fa2..6a5201c0af8 100644 --- a/2010/2xxx/CVE-2010-2047.json +++ b/2010/2xxx/CVE-2010-2047.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12641", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12641" - }, - { - "name" : "40231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40231" - }, - { - "name" : "64716", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64716" - }, - { - "name" : "39851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39851" - }, - { - "name" : "jecms-index-sql-injection(58646)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jecms-index-sql-injection(58646)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58646" + }, + { + "name": "39851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39851" + }, + { + "name": "12641", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12641" + }, + { + "name": "64716", + "refsource": "OSVDB", + "url": "http://osvdb.org/64716" + }, + { + "name": "40231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40231" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2195.json b/2010/2xxx/CVE-2010-2195.json index 51ef0e375cf..18831007657 100644 --- a/2010/2xxx/CVE-2010-2195.json +++ b/2010/2xxx/CVE-2010-2195.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a \"wrong code generation interaction with GCC.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eterna.com.au/bozohttpd/CHANGES", - "refsource" : "MISC", - "url" : "http://www.eterna.com.au/bozohttpd/CHANGES" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298" - }, - { - "name" : "http://security-tracker.debian.org/tracker/CVE-2010-2195", - "refsource" : "CONFIRM", - "url" : "http://security-tracker.debian.org/tracker/CVE-2010-2195" - }, - { - "name" : "http://www.eterna.com.au/bozohttpd", - "refsource" : "CONFIRM", - "url" : "http://www.eterna.com.au/bozohttpd" - }, - { - "name" : "bozohttpd-gcc-dos(60876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a \"wrong code generation interaction with GCC.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bozohttpd-gcc-dos(60876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60876" + }, + { + "name": "http://security-tracker.debian.org/tracker/CVE-2010-2195", + "refsource": "CONFIRM", + "url": "http://security-tracker.debian.org/tracker/CVE-2010-2195" + }, + { + "name": "http://www.eterna.com.au/bozohttpd", + "refsource": "CONFIRM", + "url": "http://www.eterna.com.au/bozohttpd" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298" + }, + { + "name": "http://www.eterna.com.au/bozohttpd/CHANGES", + "refsource": "MISC", + "url": "http://www.eterna.com.au/bozohttpd/CHANGES" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2985.json b/2010/2xxx/CVE-2010-2985.json index 2629a22d3da..e8c6c47859a 100644 --- a/2010/2xxx/CVE-2010-2985.json +++ b/2010/2xxx/CVE-2010-2985.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IZ75984", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75984" - }, - { - "name" : "IZ76926", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ76926" - }, - { - "name" : "42281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42281" - }, - { - "name" : "40862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IZ75984", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75984" + }, + { + "name": "40862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40862" + }, + { + "name": "IZ76926", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ76926" + }, + { + "name": "42281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42281" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3048.json b/2010/3xxx/CVE-2010-3048.json index e39d1186483..f4a7bd51b06 100644 --- a/2010/3xxx/CVE-2010-3048.json +++ b/2010/3xxx/CVE-2010-3048.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3048", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3048", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3205.json b/2010/3xxx/CVE-2010-3205.json index e9c168b86a6..3a2f3c9dd7b 100644 --- a/2010/3xxx/CVE-2010-3205.json +++ b/2010/3xxx/CVE-2010-3205.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14823", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14823" - }, - { - "name" : "http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt" - }, - { - "name" : "textpattern-index-file-include(61475)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt" + }, + { + "name": "14823", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14823" + }, + { + "name": "textpattern-index-file-include(61475)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61475" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3217.json b/2010/3xxx/CVE-2010-3217.json index da86adab09a..9517703117a 100644 --- a/2010/3xxx/CVE-2010-3217.json +++ b/2010/3xxx/CVE-2010-3217.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka \"Word Pointer Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101014 VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514298/100/0/threaded" - }, - { - "name" : "20101223 Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515440/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-76/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-76/" - }, - { - "name" : "MS10-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6695", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka \"Word Pointer Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6695", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695" + }, + { + "name": "20101014 VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514298/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2010-76/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-76/" + }, + { + "name": "MS10-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079" + }, + { + "name": "20101223 Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515440/100/0/threaded" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3472.json b/2010/3xxx/CVE-2010-3472.json index bd3192171e2..070c6d97bf6 100644 --- a/2010/3xxx/CVE-2010-3472.json +++ b/2010/3xxx/CVE-2010-3472.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" - }, - { - "name" : "PJ37466", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37466" - }, - { - "name" : "43272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43272" - }, - { - "name" : "41458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41458" - }, - { - "name" : "ADV-2010-2419", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" + }, + { + "name": "PJ37466", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37466" + }, + { + "name": "43272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43272" + }, + { + "name": "41458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41458" + }, + { + "name": "ADV-2010-2419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2419" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0188.json b/2011/0xxx/CVE-2011-0188.json index 53cd82d07a7..542d8d871db 100644 --- a/2011/0xxx/CVE-2011-0188.json +++ b/2011/0xxx/CVE-2011-0188.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993", - "refsource" : "CONFIRM", - "url" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=682332", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=682332" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "MDVSA-2011:097", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097" - }, - { - "name" : "MDVSA-2011:098", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098" - }, - { - "name" : "RHSA-2011:0908", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0908.html" - }, - { - "name" : "RHSA-2011:0909", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0909.html" - }, - { - "name" : "RHSA-2011:0910", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0910.html" - }, - { - "name" : "1025236", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0910", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0910.html" + }, + { + "name": "1025236", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025236" + }, + { + "name": "MDVSA-2011:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098" + }, + { + "name": "RHSA-2011:0909", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0909.html" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "RHSA-2011:0908", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0908.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=682332", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682332" + }, + { + "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993", + "refsource": "CONFIRM", + "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993" + }, + { + "name": "MDVSA-2011:097", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0202.json b/2011/0xxx/CVE-2011-0202.json index 24dbbe73412..a501403ce2f 100644 --- a/2011/0xxx/CVE-2011-0202.json +++ b/2011/0xxx/CVE-2011-0202.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0585.json b/2011/0xxx/CVE-2011-0585.json index 1a4f198ca34..9132c432461 100644 --- a/2011/0xxx/CVE-2011-0585.json +++ b/2011/0xxx/CVE-2011-0585.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - "name" : "RHSA-2011:0301", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html" - }, - { - "name" : "46207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46207" - }, - { - "name" : "oval:org.mitre.oval:def:12193", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12193" - }, - { - "name" : "1025033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "43470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43470" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - }, - { - "name" : "ADV-2011-0492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0492" - }, - { - "name" : "acrobat-unspec-dos(65290)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0492" + }, + { + "name": "46207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46207" + }, + { + "name": "oval:org.mitre.oval:def:12193", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12193" + }, + { + "name": "43470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43470" + }, + { + "name": "RHSA-2011:0301", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" + }, + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "acrobat-unspec-dos(65290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65290" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1318.json b/2011/1xxx/CVE-2011-1318.json index c4a54a2071b..bf11caf7e75 100644 --- a/2011/1xxx/CVE-2011-1318.json +++ b/2011/1xxx/CVE-2011-1318.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PM23029", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM23029", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1486.json b/2011/1xxx/CVE-2011-1486.json index 8473bd48fdf..3d7d1ee2de3 100644 --- a/2011/1xxx/CVE-2011-1486.json +++ b/2011/1xxx/CVE-2011-1486.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html" - }, - { - "name" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100134583", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100134583" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=693391", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=693391" - }, - { - "name" : "DSA-2280", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2280" - }, - { - "name" : "RHSA-2011:0478", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0478.html" - }, - { - "name" : "RHSA-2011:0479", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0479.html" - }, - { - "name" : "USN-1152-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1152-1" - }, - { - "name" : "47148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47148" - }, - { - "name" : "1025477", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025477" - }, - { - "name" : "44459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100134583", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100134583" + }, + { + "name": "44459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44459" + }, + { + "name": "RHSA-2011:0479", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0479.html" + }, + { + "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670", + "refsource": "CONFIRM", + "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670" + }, + { + "name": "1025477", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025477" + }, + { + "name": "47148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47148" + }, + { + "name": "USN-1152-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1152-1" + }, + { + "name": "RHSA-2011:0478", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0478.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=693391", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391" + }, + { + "name": "[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html" + }, + { + "name": "DSA-2280", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2280" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1682.json b/2011/1xxx/CVE-2011-1682.json index 5496f72d790..e6c24a820fa 100644 --- a/2011/1xxx/CVE-2011-1682.json +++ b/2011/1xxx/CVE-2011-1682.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44041" - }, - { - "name" : "phplist-list-csrf(66666)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66666" - }, - { - "name" : "phplist-xss-sequences-csrf(66816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phplist-list-csrf(66666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66666" + }, + { + "name": "44041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44041" + }, + { + "name": "phplist-xss-sequences-csrf(66816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66816" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3247.json b/2014/3xxx/CVE-2014-3247.json index 499cfd6d070..cdf205536f6 100644 --- a/2014/3xxx/CVE-2014-3247.json +++ b/2014/3xxx/CVE-2014-3247.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33250", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33250" - }, - { - "name" : "67343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67343" + }, + { + "name": "33250", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33250" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3392.json b/2014/3xxx/CVE-2014-3392.json index 089032814df..7f1715ec8bc 100644 --- a/2014/3xxx/CVE-2014-3392.json +++ b/2014/3xxx/CVE-2014-3392.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3593.json b/2014/3xxx/CVE-2014-3593.json index 5372044d1b5..defb638b9b2 100644 --- a/2014/3xxx/CVE-2014-3593.json +++ b/2014/3xxx/CVE-2014-3593.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=989005", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=989005" - }, - { - "name" : "RHSA-2014:1390", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1390.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1390", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1390.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=989005", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=989005" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6643.json b/2014/6xxx/CVE-2014-6643.json index 530f415ff1e..d5bedeb035c 100644 --- a/2014/6xxx/CVE-2014-6643.json +++ b/2014/6xxx/CVE-2014-6643.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#331169", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/331169" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#331169", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/331169" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6662.json b/2014/6xxx/CVE-2014-6662.json index 762d5067d17..11cff56cd9a 100644 --- a/2014/6xxx/CVE-2014-6662.json +++ b/2014/6xxx/CVE-2014-6662.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3.5.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#724617", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/724617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3.5.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#724617", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/724617" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7228.json b/2014/7xxx/CVE-2014-7228.json index fa95b34cb2f..90cc9552386 100644 --- a/2014/7xxx/CVE-2014-7228.json +++ b/2014/7xxx/CVE-2014-7228.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/", - "refsource" : "MISC", - "url" : "http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/" - }, - { - "name" : "http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html" - }, - { - "name" : "https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html", - "refsource" : "CONFIRM", - "url" : "https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/", + "refsource": "MISC", + "url": "http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/" + }, + { + "name": "http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html" + }, + { + "name": "https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html", + "refsource": "CONFIRM", + "url": "https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7297.json b/2014/7xxx/CVE-2014-7297.json index cd31e3f542e..27efefdc7ea 100644 --- a/2014/7xxx/CVE-2014-7297.json +++ b/2014/7xxx/CVE-2014-7297.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990", - "refsource" : "CONFIRM", - "url" : "http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990", + "refsource": "CONFIRM", + "url": "http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7325.json b/2014/7xxx/CVE-2014-7325.json index 68e41dc19b8..d381064e3ac 100644 --- a/2014/7xxx/CVE-2014-7325.json +++ b/2014/7xxx/CVE-2014-7325.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Business Intelligence (aka com.magzter.businessintelligence) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#456393", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/456393" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Business Intelligence (aka com.magzter.businessintelligence) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#456393", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/456393" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7516.json b/2014/7xxx/CVE-2014-7516.json index debc0ce3e64..abe74a58ce9 100644 --- a/2014/7xxx/CVE-2014-7516.json +++ b/2014/7xxx/CVE-2014-7516.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Central East LHIN News (aka com.wCentralEastLHINNews) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#863217", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/863217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Central East LHIN News (aka com.wCentralEastLHINNews) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#863217", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/863217" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8019.json b/2014/8xxx/CVE-2014-8019.json index 4fe5a610230..467e135914a 100644 --- a/2014/8xxx/CVE-2014-8019.json +++ b/2014/8xxx/CVE-2014-8019.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141219 Cisco ECDS Web Directory Traversal and Arbitrary File Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8019" - }, - { - "name" : "1031417", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141219 Cisco ECDS Web Directory Traversal and Arbitrary File Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8019" + }, + { + "name": "1031417", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031417" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8411.json b/2014/8xxx/CVE-2014-8411.json index 7093ec24522..8ec559e0273 100644 --- a/2014/8xxx/CVE-2014-8411.json +++ b/2014/8xxx/CVE-2014-8411.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8411", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8411", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8587.json b/2014/8xxx/CVE-2014-8587.json index 5f4cc63b309..20de58da108 100644 --- a/2014/8xxx/CVE-2014-8587.json +++ b/2014/8xxx/CVE-2014-8587.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/" - }, - { - "name" : "http://service.sap.com/sap/support/notes/2067859", - "refsource" : "CONFIRM", - "url" : "http://service.sap.com/sap/support/notes/2067859" - }, - { - "name" : "https://twitter.com/SAP_Gsupport/status/522401681997570048", - "refsource" : "CONFIRM", - "url" : "https://twitter.com/SAP_Gsupport/status/522401681997570048" - }, - { - "name" : "57606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.sap.com/sap/support/notes/2067859", + "refsource": "CONFIRM", + "url": "http://service.sap.com/sap/support/notes/2067859" + }, + { + "name": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/" + }, + { + "name": "https://twitter.com/SAP_Gsupport/status/522401681997570048", + "refsource": "CONFIRM", + "url": "https://twitter.com/SAP_Gsupport/status/522401681997570048" + }, + { + "name": "57606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57606" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8689.json b/2014/8xxx/CVE-2014-8689.json index 01e95805680..abec4b54aa6 100644 --- a/2014/8xxx/CVE-2014-8689.json +++ b/2014/8xxx/CVE-2014-8689.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8689", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8689", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2123.json b/2016/2xxx/CVE-2016-2123.json index a5609dd33fa..ed27c1c8539 100644 --- a/2016/2xxx/CVE-2016-2123.json +++ b/2016/2xxx/CVE-2016-2123.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2016-2123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "samba", - "version" : { - "version_data" : [ - { - "version_value" : "versions 4.0.0 to 4.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "7.9/AV:A/AC:M/Au:N/C:C/I:C/A:C", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "versions 4.0.0 to 4.5.2" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2016-2123.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2016-2123.html" - }, - { - "name" : "94970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94970" - }, - { - "name" : "1037493", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ], + [ + { + "vectorString": "7.9/AV:A/AC:M/Au:N/C:C/I:C/A:C", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.samba.org/samba/security/CVE-2016-2123.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2016-2123.html" + }, + { + "name": "94970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94970" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123" + }, + { + "name": "1037493", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037493" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2428.json b/2016/2xxx/CVE-2016-2428.json index 3b99edd269e..9f30e79a950 100644 --- a/2016/2xxx/CVE-2016-2428.json +++ b/2016/2xxx/CVE-2016-2428.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2585.json b/2016/2xxx/CVE-2016-2585.json index f6c38cf09c4..4e0ed08c676 100644 --- a/2016/2xxx/CVE-2016-2585.json +++ b/2016/2xxx/CVE-2016-2585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2585", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2585", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2616.json b/2016/2xxx/CVE-2016-2616.json index 2a15502910c..40f72b37f5f 100644 --- a/2016/2xxx/CVE-2016-2616.json +++ b/2016/2xxx/CVE-2016-2616.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2616", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2616", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2885.json b/2016/2xxx/CVE-2016-2885.json index 0923f67e0a1..d9c2504797b 100644 --- a/2016/2xxx/CVE-2016-2885.json +++ b/2016/2xxx/CVE-2016-2885.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2885", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2885", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18306.json b/2017/18xxx/CVE-2017-18306.json index 975521b9cd0..73a8a58856d 100644 --- a/2017/18xxx/CVE-2017-18306.json +++ b/2017/18xxx/CVE-2017-18306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1170.json b/2017/1xxx/CVE-2017-1170.json index e7c38a0e032..71018c87636 100644 --- a/2017/1xxx/CVE-2017-1170.json +++ b/2017/1xxx/CVE-2017-1170.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Commerce Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Commerce Enterprise", + "version": { + "version_data": [ + { + "version_value": "8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001225", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001225" - }, - { - "name" : "98027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98027" - }, - { - "name" : "1038359", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22001225", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22001225" + }, + { + "name": "98027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98027" + }, + { + "name": "1038359", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038359" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1921.json b/2017/1xxx/CVE-2017-1921.json index dd566164af3..be76eeff4f3 100644 --- a/2017/1xxx/CVE-2017-1921.json +++ b/2017/1xxx/CVE-2017-1921.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1921", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1921", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5012.json b/2017/5xxx/CVE-2017-5012.json index 4981d763d36..8b2f33e53b7 100644 --- a/2017/5xxx/CVE-2017-5012.json +++ b/2017/5xxx/CVE-2017-5012.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/681843", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/681843" - }, - { - "name" : "DSA-3776", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3776" - }, - { - "name" : "GLSA-201701-66", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-66" - }, - { - "name" : "RHSA-2017:0206", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html" - }, - { - "name" : "95792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95792" - }, - { - "name" : "1037718", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95792" + }, + { + "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201701-66", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-66" + }, + { + "name": "RHSA-2017:0206", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html" + }, + { + "name": "https://crbug.com/681843", + "refsource": "CONFIRM", + "url": "https://crbug.com/681843" + }, + { + "name": "1037718", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037718" + }, + { + "name": "DSA-3776", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3776" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5185.json b/2017/5xxx/CVE-2017-5185.json index 012e2d3b3c4..7332c235205 100644 --- a/2017/5xxx/CVE-2017-5185.json +++ b/2017/5xxx/CVE-2017-5185.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2017-5185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetIQ Sentinel Server", - "version" : { - "version_data" : [ - { - "version_value" : "NetIQ Sentinel Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2017-5185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetIQ Sentinel Server", + "version": { + "version_data": [ + { + "version_value": "NetIQ Sentinel Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2017-15", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-15" - }, - { - "name" : "https://www.netiq.com/support/kb/doc.php?id=7018753", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/support/kb/doc.php?id=7018753" - }, - { - "name" : "97267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2017-15", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-15" + }, + { + "name": "97267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97267" + }, + { + "name": "https://www.netiq.com/support/kb/doc.php?id=7018753", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/support/kb/doc.php?id=7018753" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5476.json b/2017/5xxx/CVE-2017-5476.json index 8321bedbd8d..376b135ed98 100644 --- a/2017/5xxx/CVE-2017-5476.json +++ b/2017/5xxx/CVE-2017-5476.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/s9y/Serendipity/issues/439", - "refsource" : "CONFIRM", - "url" : "https://github.com/s9y/Serendipity/issues/439" - }, - { - "name" : "95659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/s9y/Serendipity/issues/439", + "refsource": "CONFIRM", + "url": "https://github.com/s9y/Serendipity/issues/439" + }, + { + "name": "95659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95659" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5754.json b/2017/5xxx/CVE-2017-5754.json index 4396fad24c8..4437013a8f5 100644 --- a/2017/5xxx/CVE-2017-5754.json +++ b/2017/5xxx/CVE-2017-5754.json @@ -1,368 +1,368 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2017-5754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Most Modern Operating Systems", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2017-5754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Most Modern Operating Systems", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html" - }, - { - "name" : "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", - "refsource" : "MISC", - "url" : "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" - }, - { - "name" : "https://meltdownattack.com/", - "refsource" : "MISC", - "url" : "https://meltdownattack.com/" - }, - { - "name" : "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", - "refsource" : "MISC", - "url" : "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" - }, - { - "name" : "https://01.org/security/advisories/intel-oss-10003", - "refsource" : "CONFIRM", - "url" : "https://01.org/security/advisories/intel-oss-10003" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-254.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-254.html" - }, - { - "name" : "https://access.redhat.com/security/vulnerabilities/speculativeexecution", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/vulnerabilities/speculativeexecution" - }, - { - "name" : "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", - "refsource" : "CONFIRM", - "url" : "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" - }, - { - "name" : "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", - "refsource" : "CONFIRM", - "url" : "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" - }, - { - "name" : "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" - }, - { - "name" : "https://support.f5.com/csp/article/K91229003", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K91229003" - }, - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-18282", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-18282" - }, - { - "name" : "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_18_01", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_18_01" - }, - { - "name" : "https://support.citrix.com/article/CTX231399", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX231399" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180104-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180104-0001/" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "https://support.citrix.com/article/CTX234679", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX234679" - }, - { - "name" : "https://cert.vde.com/en-us/advisories/vde-2018-002", - "refsource" : "CONFIRM", - "url" : "https://cert.vde.com/en-us/advisories/vde-2018-002" - }, - { - "name" : "https://cert.vde.com/en-us/advisories/vde-2018-003", - "refsource" : "CONFIRM", - "url" : "https://cert.vde.com/en-us/advisories/vde-2018-003" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us" - }, - { - "name" : "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", - "refsource" : "CONFIRM", - "url" : "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" - }, - { - "name" : "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" - }, - { - "name" : "DSA-4078", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4078" - }, - { - "name" : "DSA-4082", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4082" - }, - { - "name" : "DSA-4120", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4120" - }, - { - "name" : "FreeBSD-SA-18:03", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc" - }, - { - "name" : "GLSA-201810-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-06" - }, - { - "name" : "RHSA-2018:0292", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0292" - }, - { - "name" : "SUSE-SU-2018:0010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2018:0011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" - }, - { - "name" : "SUSE-SU-2018:0012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" - }, - { - "name" : "openSUSE-SU-2018:0022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" - }, - { - "name" : "openSUSE-SU-2018:0023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" - }, - { - "name" : "USN-3516-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/usn/usn-3516-1/" - }, - { - "name" : "USN-3522-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/usn/usn-3522-2/" - }, - { - "name" : "USN-3523-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/usn/usn-3523-2/" - }, - { - "name" : "USN-3524-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/usn/usn-3524-2/" - }, - { - "name" : "USN-3525-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/usn/usn-3525-1/" - }, - { - "name" : "USN-3522-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3522-3/" - }, - { - "name" : "USN-3522-4", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3522-4/" - }, - { - "name" : "USN-3523-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3523-1/" - }, - { - "name" : "USN-3583-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3583-1/" - }, - { - "name" : "USN-3597-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3597-1/" - }, - { - "name" : "USN-3597-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3597-2/" - }, - { - "name" : "USN-3540-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3540-2/" - }, - { - "name" : "USN-3541-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3541-2/" - }, - { - "name" : "VU#584653", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/584653" - }, - { - "name" : "VU#180049", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/180049" - }, - { - "name" : "102378", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102378" - }, - { - "name" : "106128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106128" - }, - { - "name" : "1040071", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" + }, + { + "name": "USN-3523-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3523-1/" + }, + { + "name": "USN-3525-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/usn/usn-3525-1/" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" + }, + { + "name": "GLSA-201810-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-06" + }, + { + "name": "DSA-4082", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4082" + }, + { + "name": "https://support.citrix.com/article/CTX234679", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX234679" + }, + { + "name": "USN-3540-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3540-2/" + }, + { + "name": "USN-3522-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3522-3/" + }, + { + "name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" + }, + { + "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" + }, + { + "name": "USN-3597-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3597-1/" + }, + { + "name": "SUSE-SU-2018:0012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" + }, + { + "name": "SUSE-SU-2018:0011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" + }, + { + "name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", + "refsource": "MISC", + "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" + }, + { + "name": "https://01.org/security/advisories/intel-oss-10003", + "refsource": "CONFIRM", + "url": "https://01.org/security/advisories/intel-oss-10003" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2018-002", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" + }, + { + "name": "DSA-4120", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4120" + }, + { + "name": "https://support.f5.com/csp/article/K91229003", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K91229003" + }, + { + "name": "USN-3524-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/usn/usn-3524-2/" + }, + { + "name": "DSA-4078", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4078" + }, + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "openSUSE-SU-2018:0022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" + }, + { + "name": "RHSA-2018:0292", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0292" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-254.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-254.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180104-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_18_01", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_18_01" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", + "refsource": "CONFIRM", + "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" + }, + { + "name": "VU#584653", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/584653" + }, + { + "name": "USN-3522-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/usn/usn-3522-2/" + }, + { + "name": "VU#180049", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/180049" + }, + { + "name": "USN-3583-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-1/" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2018-003", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" + }, + { + "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", + "refsource": "CONFIRM", + "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us" + }, + { + "name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" + }, + { + "name": "https://support.citrix.com/article/CTX231399", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX231399" + }, + { + "name": "102378", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102378" + }, + { + "name": "FreeBSD-SA-18:03", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc" + }, + { + "name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", + "refsource": "CONFIRM", + "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" + }, + { + "name": "106128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106128" + }, + { + "name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", + "refsource": "CONFIRM", + "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" + }, + { + "name": "1040071", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040071" + }, + { + "name": "USN-3597-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3597-2/" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" + }, + { + "name": "SUSE-SU-2018:0010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" + }, + { + "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" + }, + { + "name": "USN-3523-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/usn/usn-3523-2/" + }, + { + "name": "USN-3516-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/usn/usn-3516-1/" + }, + { + "name": "USN-3541-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3541-2/" + }, + { + "name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", + "refsource": "MISC", + "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" + }, + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-18282", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-18282" + }, + { + "name": "https://meltdownattack.com/", + "refsource": "MISC", + "url": "https://meltdownattack.com/" + }, + { + "name": "openSUSE-SU-2018:0023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" + }, + { + "name": "USN-3522-4", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3522-4/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5848.json b/2017/5xxx/CVE-2017-5848.json index e5fad860fb8..b62d08ef689 100644 --- a/2017/5xxx/CVE-2017-5848.json +++ b/2017/5xxx/CVE-2017-5848.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7" - }, - { - "name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3" - }, - { - "name" : "DSA-3818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3818" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:2060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2060" - }, - { - "name" : "96001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3818" + }, + { + "name": "96001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96001" + }, + { + "name": "RHSA-2017:2060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2060" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3" + }, + { + "name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/9" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "[oss-security] 20170201 Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + } + ] + } +} \ No newline at end of file