From df1a0ba43d4619156b944d93d5fe11dc96978b5c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:01:27 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0179.json | 130 ++++++++-------- 2001/0xxx/CVE-2001-0820.json | 160 +++++++++---------- 2006/2xxx/CVE-2006-2079.json | 170 ++++++++++----------- 2006/2xxx/CVE-2006-2092.json | 180 +++++++++++----------- 2006/2xxx/CVE-2006-2178.json | 190 +++++++++++------------ 2006/2xxx/CVE-2006-2411.json | 180 +++++++++++----------- 2006/2xxx/CVE-2006-2760.json | 170 ++++++++++----------- 2006/2xxx/CVE-2006-2823.json | 180 +++++++++++----------- 2006/3xxx/CVE-2006-3208.json | 140 ++++++++--------- 2006/6xxx/CVE-2006-6124.json | 140 ++++++++--------- 2006/6xxx/CVE-2006-6447.json | 170 ++++++++++----------- 2006/6xxx/CVE-2006-6842.json | 150 +++++++++--------- 2006/7xxx/CVE-2006-7148.json | 150 +++++++++--------- 2011/0xxx/CVE-2011-0212.json | 140 ++++++++--------- 2011/0xxx/CVE-2011-0233.json | 170 ++++++++++----------- 2011/0xxx/CVE-2011-0698.json | 180 +++++++++++----------- 2011/2xxx/CVE-2011-2426.json | 170 ++++++++++----------- 2011/2xxx/CVE-2011-2602.json | 140 ++++++++--------- 2011/2xxx/CVE-2011-2750.json | 160 +++++++++---------- 2011/2xxx/CVE-2011-2852.json | 160 +++++++++---------- 2011/2xxx/CVE-2011-2954.json | 130 ++++++++-------- 2011/2xxx/CVE-2011-2961.json | 170 ++++++++++----------- 2011/3xxx/CVE-2011-3509.json | 120 +++++++-------- 2011/3xxx/CVE-2011-3602.json | 160 +++++++++---------- 2011/3xxx/CVE-2011-3689.json | 120 +++++++-------- 2011/3xxx/CVE-2011-3971.json | 200 ++++++++++++------------ 2011/4xxx/CVE-2011-4098.json | 160 +++++++++---------- 2011/4xxx/CVE-2011-4251.json | 120 +++++++-------- 2011/4xxx/CVE-2011-4460.json | 180 +++++++++++----------- 2013/1xxx/CVE-2013-1030.json | 130 ++++++++-------- 2013/1xxx/CVE-2013-1257.json | 140 ++++++++--------- 2013/1xxx/CVE-2013-1380.json | 170 ++++++++++----------- 2013/1xxx/CVE-2013-1647.json | 120 +++++++-------- 2013/5xxx/CVE-2013-5350.json | 160 +++++++++---------- 2013/5xxx/CVE-2013-5828.json | 130 ++++++++-------- 2013/5xxx/CVE-2013-5831.json | 270 ++++++++++++++++----------------- 2014/2xxx/CVE-2014-2120.json | 140 ++++++++--------- 2014/2xxx/CVE-2014-2144.json | 120 +++++++-------- 2014/2xxx/CVE-2014-2147.json | 160 +++++++++---------- 2014/2xxx/CVE-2014-2299.json | 260 +++++++++++++++---------------- 2014/2xxx/CVE-2014-2814.json | 160 +++++++++---------- 2014/6xxx/CVE-2014-6344.json | 140 ++++++++--------- 2014/6xxx/CVE-2014-6468.json | 200 ++++++++++++------------ 2014/6xxx/CVE-2014-6575.json | 130 ++++++++-------- 2014/6xxx/CVE-2014-6791.json | 140 ++++++++--------- 2017/0xxx/CVE-2017-0134.json | 140 ++++++++--------- 2017/0xxx/CVE-2017-0468.json | 158 +++++++++---------- 2017/0xxx/CVE-2017-0989.json | 34 ++--- 2017/16xxx/CVE-2017-16461.json | 34 ++--- 2017/1xxx/CVE-2017-1008.json | 34 ++--- 2017/1xxx/CVE-2017-1344.json | 34 ++--- 2017/1xxx/CVE-2017-1758.json | 262 ++++++++++++++++---------------- 2017/1xxx/CVE-2017-1820.json | 34 ++--- 2017/4xxx/CVE-2017-4084.json | 34 ++--- 2017/4xxx/CVE-2017-4286.json | 34 ++--- 2017/4xxx/CVE-2017-4372.json | 34 ++--- 2017/4xxx/CVE-2017-4432.json | 34 ++--- 2017/4xxx/CVE-2017-4482.json | 34 ++--- 58 files changed, 4030 insertions(+), 4030 deletions(-) diff --git a/2001/0xxx/CVE-2001-0179.json b/2001/0xxx/CVE-2001-0179.json index b648236026c..9672c44d247 100644 --- a/2001/0xxx/CVE-2001-0179.json +++ b/2001/0xxx/CVE-2001-0179.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a \".\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ASB01-02", - "refsource" : "ALLAIRE", - "url" : "http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full" - }, - { - "name" : "jrun-webinf-file-retrieval(6008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a \".\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jrun-webinf-file-retrieval(6008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6008" + }, + { + "name": "ASB01-02", + "refsource": "ALLAIRE", + "url": "http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0820.json b/2001/0xxx/CVE-2001-0820.json index 8a38b20bf2c..508f7765a5d 100644 --- a/2001/0xxx/CVE-2001-0820.json +++ b/2001/0xxx/CVE-2001-0820.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010617 Buffer Overflow in GazTek HTTP Daemon v1.4 (ghttpd)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99279182704674&w=2" - }, - { - "name" : "20010630 Advisory Ghttp 1.4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99406263214417&w=2" - }, - { - "name" : "gaztek-ghttpd-bo(6702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6702" - }, - { - "name" : "2879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2879" - }, - { - "name" : "2965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2879" + }, + { + "name": "2965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2965" + }, + { + "name": "20010617 Buffer Overflow in GazTek HTTP Daemon v1.4 (ghttpd)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99279182704674&w=2" + }, + { + "name": "gaztek-ghttpd-bo(6702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6702" + }, + { + "name": "20010630 Advisory Ghttp 1.4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99406263214417&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2079.json b/2006/2xxx/CVE-2006-2079.json index e5055fb6259..ce9d84bd674 100644 --- a/2006/2xxx/CVE-2006-2079.json +++ b/2006/2xxx/CVE-2006-2079.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060425 Instant Photo Gallery <= Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432024/100/0/threaded" - }, - { - "name" : "20060427 Re: Instant Photo Gallery <= Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432241/100/0/threaded" - }, - { - "name" : "20060427 Instant Photo Gallery <= Multiple XSS (fwd)", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-April/000733.html" - }, - { - "name" : "17696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17696" - }, - { - "name" : "24985", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24985" - }, - { - "name" : "803", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24985", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24985" + }, + { + "name": "20060427 Instant Photo Gallery <= Multiple XSS (fwd)", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-April/000733.html" + }, + { + "name": "17696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17696" + }, + { + "name": "803", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/803" + }, + { + "name": "20060427 Re: Instant Photo Gallery <= Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432241/100/0/threaded" + }, + { + "name": "20060425 Instant Photo Gallery <= Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432024/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2092.json b/2006/2xxx/CVE-2006-2092.json index 676dfee0e19..f244eb0d17e 100644 --- a/2006/2xxx/CVE-2006-2092.json +++ b/2006/2xxx/CVE-2006-2092.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02112", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00642089" - }, - { - "name" : "SSRT061129", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00642089" - }, - { - "name" : "17638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17638" - }, - { - "name" : "ADV-2006-1458", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1458" - }, - { - "name" : "1015969", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015969" - }, - { - "name" : "19752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19752" - }, - { - "name" : "hp-storageworks-win-dos(25939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1458", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1458" + }, + { + "name": "1015969", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015969" + }, + { + "name": "SSRT061129", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00642089" + }, + { + "name": "17638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17638" + }, + { + "name": "hp-storageworks-win-dos(25939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25939" + }, + { + "name": "HPSBST02112", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00642089" + }, + { + "name": "19752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19752" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2178.json b/2006/2xxx/CVE-2006-2178.json index 99ae6dfebed..ed4266bf228 100644 --- a/2006/2xxx/CVE-2006-2178.json +++ b/2006/2xxx/CVE-2006-2178.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html" - }, - { - "name" : "17829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17829" - }, - { - "name" : "ADV-2006-1630", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1630" - }, - { - "name" : "25197", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25197" - }, - { - "name" : "25198", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25198" - }, - { - "name" : "25199", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25199" - }, - { - "name" : "19889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19889" - }, - { - "name" : "cyberbuild-multiple-xss(26202)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1630", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1630" + }, + { + "name": "25198", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25198" + }, + { + "name": "25199", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25199" + }, + { + "name": "25197", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25197" + }, + { + "name": "http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html" + }, + { + "name": "17829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17829" + }, + { + "name": "cyberbuild-multiple-xss(26202)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26202" + }, + { + "name": "19889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19889" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2411.json b/2006/2xxx/CVE-2006-2411.json index 42b9b5bc928..0018b13cbd9 100644 --- a/2006/2xxx/CVE-2006-2411.json +++ b/2006/2xxx/CVE-2006-2411.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060512 Multiple vulnerabilities in Raydium rev 309", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433930/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/raydiumx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/raydiumx-adv.txt" - }, - { - "name" : "17986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17986" - }, - { - "name" : "ADV-2006-1808", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1808" - }, - { - "name" : "20097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20097" - }, - { - "name" : "900", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/900" - }, - { - "name" : "raydium-raydiumnetworkread-bo(26516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17986" + }, + { + "name": "20097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20097" + }, + { + "name": "ADV-2006-1808", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1808" + }, + { + "name": "http://aluigi.altervista.org/adv/raydiumx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/raydiumx-adv.txt" + }, + { + "name": "raydium-raydiumnetworkread-bo(26516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26516" + }, + { + "name": "20060512 Multiple vulnerabilities in Raydium rev 309", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433930/100/0/threaded" + }, + { + "name": "900", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/900" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2760.json b/2006/2xxx/CVE-2006-2760.json index d087eaff505..c254dadf8b7 100644 --- a/2006/2xxx/CVE-2006-2760.json +++ b/2006/2xxx/CVE-2006-2760.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060529 4nNukeWare<--V 0.91 SQL Injection exploits", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435363/30/0/threaded" - }, - { - "name" : "18184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18184" - }, - { - "name" : "ADV-2006-2061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2061" - }, - { - "name" : "31059", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31059" - }, - { - "name" : "20374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20374" - }, - { - "name" : "4nforum-modules-sql-injection(26729)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060529 4nNukeWare<--V 0.91 SQL Injection exploits", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435363/30/0/threaded" + }, + { + "name": "18184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18184" + }, + { + "name": "4nforum-modules-sql-injection(26729)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26729" + }, + { + "name": "ADV-2006-2061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2061" + }, + { + "name": "31059", + "refsource": "OSVDB", + "url": "http://osvdb.org/31059" + }, + { + "name": "20374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20374" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2823.json b/2006/2xxx/CVE-2006-2823.json index 1797147b29a..b1c5eb3a52f 100644 --- a/2006/2xxx/CVE-2006-2823.json +++ b/2006/2xxx/CVE-2006-2823.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 new bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435746/100/0/threaded" - }, - { - "name" : "ADV-2006-2208", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2208" - }, - { - "name" : "26237", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26237" - }, - { - "name" : "1009549", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009549" - }, - { - "name" : "20485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20485" - }, - { - "name" : "1025", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1025" - }, - { - "name" : "ashopkart-database-file-access(15599)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060602 new bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435746/100/0/threaded" + }, + { + "name": "20485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20485" + }, + { + "name": "1009549", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009549" + }, + { + "name": "1025", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1025" + }, + { + "name": "26237", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26237" + }, + { + "name": "ADV-2006-2208", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2208" + }, + { + "name": "ashopkart-database-file-access(15599)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15599" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3208.json b/2006/3xxx/CVE-2006-3208.json index 82df6c9df37..b66f7bf0414 100644 --- a/2006/3xxx/CVE-2006-3208.json +++ b/2006/3xxx/CVE-2006-3208.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified \"configuration fields\" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437875/100/0/threaded" - }, - { - "name" : "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt", - "refsource" : "MISC", - "url" : "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt" - }, - { - "name" : "1138", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified \"configuration fields\" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt", + "refsource": "MISC", + "url": "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt" + }, + { + "name": "1138", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1138" + }, + { + "name": "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437875/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6124.json b/2006/6xxx/CVE-2006-6124.json index 15d613ab814..1266acd0b04 100644 --- a/2006/6xxx/CVE-2006-6124.json +++ b/2006/6xxx/CVE-2006-6124.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30454", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30454" - }, - { - "name" : "22927", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22927" - }, - { - "name" : "selenium-server-uspecified-xss(30313)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "selenium-server-uspecified-xss(30313)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30313" + }, + { + "name": "22927", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22927" + }, + { + "name": "30454", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30454" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6447.json b/2006/6xxx/CVE-2006-6447.json index fd2ece297d0..b8da3db7d54 100644 --- a/2006/6xxx/CVE-2006-6447.json +++ b/2006/6xxx/CVE-2006-6447.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061203 Vt-Forum Lite System V.1.3 Xss Vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453452/100/0/threaded" - }, - { - "name" : "21428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21428" - }, - { - "name" : "ADV-2006-4850", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4850" - }, - { - "name" : "23226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23226" - }, - { - "name" : "2011", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2011" - }, - { - "name" : "vtforum-multiple-xss(30725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21428" + }, + { + "name": "20061203 Vt-Forum Lite System V.1.3 Xss Vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453452/100/0/threaded" + }, + { + "name": "2011", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2011" + }, + { + "name": "vtforum-multiple-xss(30725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30725" + }, + { + "name": "23226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23226" + }, + { + "name": "ADV-2006-4850", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4850" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6842.json b/2006/6xxx/CVE-2006-6842.json index 87039f52c9a..15680cb9113 100644 --- a/2006/6xxx/CVE-2006-6842.json +++ b/2006/6xxx/CVE-2006-6842.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3033", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3033" - }, - { - "name" : "21805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21805" - }, - { - "name" : "ADV-2007-0009", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0009" - }, - { - "name" : "acronym-adminacronyms-sql-injection(31129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3033", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3033" + }, + { + "name": "21805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21805" + }, + { + "name": "ADV-2007-0009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0009" + }, + { + "name": "acronym-adminacronyms-sql-injection(31129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31129" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7148.json b/2006/7xxx/CVE-2006-7148.json index 55d57c592db..5955536c31d 100644 --- a/2006/7xxx/CVE-2006-7148.json +++ b/2006/7xxx/CVE-2006-7148.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 maluinfo version 206.2.38l Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448639/100/0/threaded" - }, - { - "name" : "20507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20507" - }, - { - "name" : "2380", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2380" - }, - { - "name" : "maluinfo-bbusage-file-include(29516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20507" + }, + { + "name": "maluinfo-bbusage-file-include(29516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29516" + }, + { + "name": "20061012 maluinfo version 206.2.38l Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448639/100/0/threaded" + }, + { + "name": "2380", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2380" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0212.json b/2011/0xxx/CVE-2011-0212.json index a01687ed3c6..dd467def70f 100644 --- a/2011/0xxx/CVE-2011-0212.json +++ b/2011/0xxx/CVE-2011-0212.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "48445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "48445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48445" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0233.json b/2011/0xxx/CVE-2011-0233.json index fe35a6e7c94..780b07048a8 100644 --- a/2011/0xxx/CVE-2011-0233.json +++ b/2011/0xxx/CVE-2011-0233.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0698.json b/2011/0xxx/CVE-2011-0698.json index 04d63a7e9f7..0a01ba9072c 100644 --- a/2011/0xxx/CVE-2011-0698.json +++ b/2011/0xxx/CVE-2011-0698.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110209 Django multiple flaws (CVEs inside)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/09/6" - }, - { - "name" : "http://www.djangoproject.com/weblog/2011/feb/08/security/", - "refsource" : "CONFIRM", - "url" : "http://www.djangoproject.com/weblog/2011/feb/08/security/" - }, - { - "name" : "MDVSA-2011:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031" - }, - { - "name" : "46296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46296" - }, - { - "name" : "43230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43230" - }, - { - "name" : "ADV-2011-0372", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0372" - }, - { - "name" : "ADV-2011-0439", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0439", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0439" + }, + { + "name": "[oss-security] 20110209 Django multiple flaws (CVEs inside)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/09/6" + }, + { + "name": "43230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43230" + }, + { + "name": "ADV-2011-0372", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0372" + }, + { + "name": "46296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46296" + }, + { + "name": "MDVSA-2011:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031" + }, + { + "name": "http://www.djangoproject.com/weblog/2011/feb/08/security/", + "refsource": "CONFIRM", + "url": "http://www.djangoproject.com/weblog/2011/feb/08/security/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2426.json b/2011/2xxx/CVE-2011-2426.json index 1ac4ecec632..2d5ef6c7131 100644 --- a/2011/2xxx/CVE-2011-2426.json +++ b/2011/2xxx/CVE-2011-2426.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-26.html" - }, - { - "name" : "RHSA-2011:1333", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1333.html" - }, - { - "name" : "SUSE-SU-2011:1063", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html" - }, - { - "name" : "oval:org.mitre.oval:def:14070", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14070" - }, - { - "name" : "oval:org.mitre.oval:def:15366", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15366" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15366", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15366" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "oval:org.mitre.oval:def:14070", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14070" + }, + { + "name": "SUSE-SU-2011:1063", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html" + }, + { + "name": "RHSA-2011:1333", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1333.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-26.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-26.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2602.json b/2011/2xxx/CVE-2011-2602.json index 56bc69e9fb3..621a757b063 100644 --- a/2011/2xxx/CVE-2011-2602.json +++ b/2011/2xxx/CVE-2011-2602.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.contextis.com/resources/blog/webgl/", - "refsource" : "MISC", - "url" : "http://www.contextis.com/resources/blog/webgl/" - }, - { - "name" : "http://www.contextis.com/resources/blog/webgl2/", - "refsource" : "MISC", - "url" : "http://www.contextis.com/resources/blog/webgl2/" - }, - { - "name" : "48319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48319" + }, + { + "name": "http://www.contextis.com/resources/blog/webgl2/", + "refsource": "MISC", + "url": "http://www.contextis.com/resources/blog/webgl2/" + }, + { + "name": "http://www.contextis.com/resources/blog/webgl/", + "refsource": "MISC", + "url": "http://www.contextis.com/resources/blog/webgl/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2750.json b/2011/2xxx/CVE-2011-2750.json index 4ffa2b165d2..b76d94a6656 100644 --- a/2011/2xxx/CVE-2011-2750.json +++ b/2011/2xxx/CVE-2011-2750.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110627 Arbitrary files deletion in Novell File Reporter 1.0.4.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518626/100/0/threaded" - }, - { - "name" : "http://aluigi.org/adv/nfr_2-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/nfr_2-adv.txt" - }, - { - "name" : "1025716", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025716" - }, - { - "name" : "45071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45071" - }, - { - "name" : "8309", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025716", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025716" + }, + { + "name": "45071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45071" + }, + { + "name": "http://aluigi.org/adv/nfr_2-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/nfr_2-adv.txt" + }, + { + "name": "20110627 Arbitrary files deletion in Novell File Reporter 1.0.4.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518626/100/0/threaded" + }, + { + "name": "8309", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8309" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2852.json b/2011/2xxx/CVE-2011-2852.json index 1e9780562af..40bd2461e42 100644 --- a/2011/2xxx/CVE-2011-2852.json +++ b/2011/2xxx/CVE-2011-2852.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=91120", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=91120" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "75553", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75553" - }, - { - "name" : "oval:org.mitre.oval:def:14551", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14551" - }, - { - "name" : "chrome-v8-code-execution(69879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14551", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14551" + }, + { + "name": "chrome-v8-code-execution(69879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69879" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=91120", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=91120" + }, + { + "name": "75553", + "refsource": "OSVDB", + "url": "http://osvdb.org/75553" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2954.json b/2011/2xxx/CVE-2011-2954.json index 05185a73b24..c92f53102f8 100644 --- a/2011/2xxx/CVE-2011-2954.json +++ b/2011/2xxx/CVE-2011-2954.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/08162011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/08162011_player/en/" - }, - { - "name" : "1025943", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025943", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025943" + }, + { + "name": "http://service.real.com/realplayer/security/08162011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/08162011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2961.json b/2011/2xxx/CVE-2011-2961.json index bd3a4b931c8..ecec0f81382 100644 --- a/2011/2xxx/CVE-2011-2961.json +++ b/2011/2xxx/CVE-2011-2961.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cnvd.org.cn/vulnerability/CNVD-2011-05348", - "refsource" : "MISC", - "url" : "http://www.cnvd.org.cn/vulnerability/CNVD-2011-05348" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-167-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-167-01.pdf" - }, - { - "name" : "http://www.sunwayland.com.cn/news_info_.asp?Nid=3593", - "refsource" : "CONFIRM", - "url" : "http://www.sunwayland.com.cn/news_info_.asp?Nid=3593" - }, - { - "name" : "73123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/73123" - }, - { - "name" : "1025673", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025673" - }, - { - "name" : "44990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-167-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-167-01.pdf" + }, + { + "name": "1025673", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025673" + }, + { + "name": "73123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/73123" + }, + { + "name": "http://www.cnvd.org.cn/vulnerability/CNVD-2011-05348", + "refsource": "MISC", + "url": "http://www.cnvd.org.cn/vulnerability/CNVD-2011-05348" + }, + { + "name": "44990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44990" + }, + { + "name": "http://www.sunwayland.com.cn/news_info_.asp?Nid=3593", + "refsource": "CONFIRM", + "url": "http://www.sunwayland.com.cn/news_info_.asp?Nid=3593" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3509.json b/2011/3xxx/CVE-2011-3509.json index bf7e9cccc93..6c7f650d3cf 100644 --- a/2011/3xxx/CVE-2011-3509.json +++ b/2011/3xxx/CVE-2011-3509.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3524." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3524." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3602.json b/2011/3xxx/CVE-2011-3602.json index 39bc56d6881..5dc9a4033cc 100644 --- a/2011/3xxx/CVE-2011-3602.json +++ b/2011/3xxx/CVE-2011-3602.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111007 radvd 1.8.2 released with security fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/06/3" - }, - { - "name" : "http://www.litech.org/radvd/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://www.litech.org/radvd/CHANGES" - }, - { - "name" : "https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc", - "refsource" : "CONFIRM", - "url" : "https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc" - }, - { - "name" : "DSA-2323", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2323" - }, - { - "name" : "USN-1257-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1257-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111007 radvd 1.8.2 released with security fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/06/3" + }, + { + "name": "DSA-2323", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2323" + }, + { + "name": "https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc", + "refsource": "CONFIRM", + "url": "https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc" + }, + { + "name": "http://www.litech.org/radvd/CHANGES", + "refsource": "CONFIRM", + "url": "http://www.litech.org/radvd/CHANGES" + }, + { + "name": "USN-1257-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1257-1" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3689.json b/2011/3xxx/CVE-2011-3689.json index 9fdd0dc669b..3f6783d61ce 100644 --- a/2011/3xxx/CVE-2011-3689.json +++ b/2011/3xxx/CVE-2011-3689.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/CodeMeter-WebAdmin.html", - "refsource" : "MISC", - "url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/CodeMeter-WebAdmin.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/CodeMeter-WebAdmin.html", + "refsource": "MISC", + "url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/CodeMeter-WebAdmin.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3971.json b/2011/3xxx/CVE-2011-3971.json index a5d46a9f729..73b162eef81 100644 --- a/2011/3xxx/CVE-2011-3971.json +++ b/2011/3xxx/CVE-2011-3971.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=110374", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=110374" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:14960", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "oval:org.mitre.oval:def:14960", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14960" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=110374", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=110374" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4098.json b/2011/4xxx/CVE-2011-4098.json index 8d09a506b28..bcfc2466ff7 100644 --- a/2011/4xxx/CVE-2011-4098.json +++ b/2011/4xxx/CVE-2011-4098.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[cluster-devel] 20110912 [PATCH] GFS2: rewrite fallocate code to write blocks directly", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/cluster-devel/2011-September/msg00064.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64dd153c83743af81f20924c6343652d731eeecb", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64dd153c83743af81f20924c6343652d731eeecb" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2" - }, - { - "name" : "https://github.com/torvalds/linux/commit/64dd153c83743af81f20924c6343652d731eeecb", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/64dd153c83743af81f20924c6343652d731eeecb" - }, - { - "name" : "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=fadca7bdc43b02f518585d9547019966415cadfd", - "refsource" : "CONFIRM", - "url" : "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=fadca7bdc43b02f518585d9547019966415cadfd" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64dd153c83743af81f20924c6343652d731eeecb", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64dd153c83743af81f20924c6343652d731eeecb" + }, + { + "name": "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=fadca7bdc43b02f518585d9547019966415cadfd", + "refsource": "CONFIRM", + "url": "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=fadca7bdc43b02f518585d9547019966415cadfd" + }, + { + "name": "[cluster-devel] 20110912 [PATCH] GFS2: rewrite fallocate code to write blocks directly", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/cluster-devel/2011-September/msg00064.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/64dd153c83743af81f20924c6343652d731eeecb", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/64dd153c83743af81f20924c6343652d731eeecb" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4251.json b/2011/4xxx/CVE-2011-4251.json index 738d842814c..bd4de6c9ab8 100644 --- a/2011/4xxx/CVE-2011-4251.json +++ b/2011/4xxx/CVE-2011-4251.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/11182011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/11182011_player/en/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/11182011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/11182011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4460.json b/2011/4xxx/CVE-2011-4460.json index 6f57772a338..c67357568d4 100644 --- a/2011/4xxx/CVE-2011-4460.json +++ b/2011/4xxx/CVE-2011-4460.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" - }, - { - "name" : "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" - }, - { - "name" : "[rt-announce] 20120522 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" - }, - { - "name" : "53660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53660" - }, - { - "name" : "82136", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82136" - }, - { - "name" : "49259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49259" - }, - { - "name" : "rt-unspecified-sql-injection(75824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" + }, + { + "name": "49259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49259" + }, + { + "name": "82136", + "refsource": "OSVDB", + "url": "http://osvdb.org/82136" + }, + { + "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" + }, + { + "name": "rt-unspecified-sql-injection(75824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75824" + }, + { + "name": "[rt-announce] 20120522 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" + }, + { + "name": "53660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53660" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1030.json b/2013/1xxx/CVE-2013-1030.json index 0ad679861a6..42e7887583b 100644 --- a/2013/1xxx/CVE-2013-1030.json +++ b/2013/1xxx/CVE-2013-1030.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5880", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5880" - }, - { - "name" : "APPLE-SA-2013-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT5880", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5880" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1257.json b/2013/1xxx/CVE-2013-1257.json index dabe52c88b6..71660b23c67 100644 --- a/2013/1xxx/CVE-2013-1257.json +++ b/2013/1xxx/CVE-2013-1257.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-016", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16176", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-016", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" + }, + { + "name": "oval:org.mitre.oval:def:16176", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16176" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1380.json b/2013/1xxx/CVE-2013-1380.json index fbb9ed8e9d4..7fb7e9be56a 100644 --- a/2013/1xxx/CVE-2013-1380.json +++ b/2013/1xxx/CVE-2013-1380.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-1380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-11.html" - }, - { - "name" : "HPSBMU02948", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139455789818399&w=2" - }, - { - "name" : "RHSA-2013:0730", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0730.html" - }, - { - "name" : "SUSE-SU-2013:0670", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html" - }, - { - "name" : "openSUSE-SU-2013:0672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html" - }, - { - "name" : "openSUSE-SU-2013:0675", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0670", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-11.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-11.html" + }, + { + "name": "HPSBMU02948", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139455789818399&w=2" + }, + { + "name": "RHSA-2013:0730", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0730.html" + }, + { + "name": "openSUSE-SU-2013:0672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html" + }, + { + "name": "openSUSE-SU-2013:0675", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1647.json b/2013/1xxx/CVE-2013-1647.json index 3417d69b22f..43d5e3a590f 100644 --- a/2013/1xxx/CVE-2013-1647.json +++ b/2013/1xxx/CVE-2013-1647.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130313 Open-Xchange Security Advisory 2013-03-13", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130313 Open-Xchange Security Advisory 2013-03-13", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5350.json b/2013/5xxx/CVE-2013-5350.json index 823d5166931..ea68cf508fc 100644 --- a/2013/5xxx/CVE-2013-5350.json +++ b/2013/5xxx/CVE-2013-5350.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-5350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2014-1/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2014-1/" - }, - { - "name" : "https://www.openpne.jp/archives/12293/", - "refsource" : "CONFIRM", - "url" : "https://www.openpne.jp/archives/12293/" - }, - { - "name" : "JVN#69986880", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN69986880/index.html" - }, - { - "name" : "JVNDB-2014-000009", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009" - }, - { - "name" : "54043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openpne.jp/archives/12293/", + "refsource": "CONFIRM", + "url": "https://www.openpne.jp/archives/12293/" + }, + { + "name": "JVN#69986880", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN69986880/index.html" + }, + { + "name": "54043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54043" + }, + { + "name": "http://secunia.com/secunia_research/2014-1/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2014-1/" + }, + { + "name": "JVNDB-2014-000009", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5828.json b/2013/5xxx/CVE-2013-5828.json index 5df9d334fc1..cd916b65348 100644 --- a/2013/5xxx/CVE-2013-5828.json +++ b/2013/5xxx/CVE-2013-5828.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Storage Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "55322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Storage Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55322" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5831.json b/2013/5xxx/CVE-2013-5831.json index f987ae481bc..29d1b6b6dc5 100644 --- a/2013/5xxx/CVE-2013-5831.json +++ b/2013/5xxx/CVE-2013-5831.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://support.apple.com/kb/HT5982", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5982" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "APPLE-SA-2013-10-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" - }, - { - "name" : "HPSBUX02943", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674031212883&w=2" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "RHSA-2013:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" - }, - { - "name" : "RHSA-2013:1793", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "63129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63129" - }, - { - "name" : "oval:org.mitre.oval:def:19122", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19122" - }, - { - "name" : "56338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "63129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63129" + }, + { + "name": "RHSA-2013:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "HPSBUX02943", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19122", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19122" + }, + { + "name": "RHSA-2013:1793", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "APPLE-SA-2013-10-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "http://support.apple.com/kb/HT5982", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5982" + }, + { + "name": "56338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56338" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2120.json b/2014/2xxx/CVE-2014-2120.json index 5ab756a26db..b50db2c6468 100644 --- a/2014/2xxx/CVE-2014-2120.json +++ b/2014/2xxx/CVE-2014-2120.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120" - }, - { - "name" : "66290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66290" - }, - { - "name" : "1029935", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029935", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029935" + }, + { + "name": "20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120" + }, + { + "name": "66290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66290" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2144.json b/2014/2xxx/CVE-2014-2144.json index 1117749195a..a969df8d547 100644 --- a/2014/2xxx/CVE-2014-2144.json +++ b/2014/2xxx/CVE-2014-2144.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140404 Cisco IOS XR Software ICMPv6 Redirect Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140404 Cisco IOS XR Software ICMPv6 Redirect Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2144" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2147.json b/2014/2xxx/CVE-2014-2147.json index fc873261944..01757b9e881 100644 --- a/2014/2xxx/CVE-2014-2147.json +++ b/2014/2xxx/CVE-2014-2147.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCuj42444." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37419", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37419" - }, - { - "name" : "20150209 Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2147" - }, - { - "name" : "72551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72551" - }, - { - "name" : "1031715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031715" - }, - { - "name" : "cisco-prime-cve20142147-xfs(100755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCuj42444." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37419", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37419" + }, + { + "name": "20150209 Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2147" + }, + { + "name": "72551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72551" + }, + { + "name": "cisco-prime-cve20142147-xfs(100755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100755" + }, + { + "name": "1031715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031715" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2299.json b/2014/2xxx/CVE-2014-2299.json index 0c589e841c6..b147b0dc63c 100644 --- a/2014/2xxx/CVE-2014-2299.json +++ b/2014/2xxx/CVE-2014-2299.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33069", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33069" - }, - { - "name" : "http://packetstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2014-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2014-04.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09" - }, - { - "name" : "DSA-2871", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2871" - }, - { - "name" : "RHSA-2014:0341", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html" - }, - { - "name" : "RHSA-2014:0342", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0342.html" - }, - { - "name" : "openSUSE-SU-2014:0382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" - }, - { - "name" : "openSUSE-SU-2014:0383", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" - }, - { - "name" : "66066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66066" - }, - { - "name" : "104199", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/104199" - }, - { - "name" : "1029907", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029907" - }, - { - "name" : "57480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57480" - }, - { - "name" : "57489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.html" + }, + { + "name": "104199", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/104199" + }, + { + "name": "57489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57489" + }, + { + "name": "RHSA-2014:0341", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html" + }, + { + "name": "57480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57480" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2014-04.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2014-04.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843" + }, + { + "name": "33069", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33069" + }, + { + "name": "openSUSE-SU-2014:0382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09" + }, + { + "name": "1029907", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029907" + }, + { + "name": "openSUSE-SU-2014:0383", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" + }, + { + "name": "DSA-2871", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2871" + }, + { + "name": "RHSA-2014:0342", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html" + }, + { + "name": "66066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66066" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2814.json b/2014/2xxx/CVE-2014-2814.json index dc8fe6ca7e5..56a160d1b26 100644 --- a/2014/2xxx/CVE-2014-2814.json +++ b/2014/2xxx/CVE-2014-2814.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka \"Service Bus Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-042" - }, - { - "name" : "297262", - "refsource" : "MSKB", - "url" : "https://support.microsoft.com/kb/2972621" - }, - { - "name" : "68393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68393" - }, - { - "name" : "1030538", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030538" - }, - { - "name" : "59780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka \"Service Bus Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59780" + }, + { + "name": "68393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68393" + }, + { + "name": "1030538", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030538" + }, + { + "name": "297262", + "refsource": "MSKB", + "url": "https://support.microsoft.com/kb/2972621" + }, + { + "name": "MS14-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-042" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6344.json b/2014/6xxx/CVE-2014-6344.json index b704d1a59f5..e81ddb5e081 100644 --- a/2014/6xxx/CVE-2014-6344.json +++ b/2014/6xxx/CVE-2014-6344.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" - }, - { - "name" : "70346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70346" - }, - { - "name" : "1031185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031185" + }, + { + "name": "70346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70346" + }, + { + "name": "MS14-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6468.json b/2014/6xxx/CVE-2014-6468.json index c4197682fb5..262521a7e97 100644 --- a/2014/6xxx/CVE-2014-6468.json +++ b/2014/6xxx/CVE-2014-6468.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1636", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1636" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "RHSA-2014:1636", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1636.html" - }, - { - "name" : "70488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70488" - }, - { - "name" : "60416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60416" - }, - { - "name" : "61609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61609" - }, - { - "name" : "61928", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61609" + }, + { + "name": "61928", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61928" + }, + { + "name": "70488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70488" + }, + { + "name": "60416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60416" + }, + { + "name": "RHSA-2014:1636", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1636.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1636", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1636" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6575.json b/2014/6xxx/CVE-2014-6575.json index 64f24689ee2..33f7e1f5ad5 100644 --- a/2014/6xxx/CVE-2014-6575.json +++ b/2014/6xxx/CVE-2014-6575.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031583" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6791.json b/2014/6xxx/CVE-2014-6791.json index 9956a5b8e2b..095041f4092 100644 --- a/2014/6xxx/CVE-2014-6791.json +++ b/2014/6xxx/CVE-2014-6791.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd.app) application 1.2.6.185 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#322809", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/322809" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd.app) application 1.2.6.185 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#322809", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/322809" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0134.json b/2017/0xxx/CVE-2017-0134.json index 7bfe5be532a..6a5b9b96dd4 100644 --- a/2017/0xxx/CVE-2017-0134.json +++ b/2017/0xxx/CVE-2017-0134.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Browser" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "Browser" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0134", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0134" - }, - { - "name" : "96687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96687" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0134", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0134" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + }, + { + "name": "96687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96687" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0468.json b/2017/0xxx/CVE-2017-0468.json index 0843b833c82..8b933756866 100644 --- a/2017/0xxx/CVE-2017-0468.json +++ b/2017/0xxx/CVE-2017-0468.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96717" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96717" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0989.json b/2017/0xxx/CVE-2017-0989.json index ea15ad2b773..f163f0d7ac6 100644 --- a/2017/0xxx/CVE-2017-0989.json +++ b/2017/0xxx/CVE-2017-0989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16461.json b/2017/16xxx/CVE-2017-16461.json index e82d34f2134..4fec0b5f440 100644 --- a/2017/16xxx/CVE-2017-16461.json +++ b/2017/16xxx/CVE-2017-16461.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16461", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16461", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1008.json b/2017/1xxx/CVE-2017-1008.json index 841e8d84109..acb245ebeaa 100644 --- a/2017/1xxx/CVE-2017-1008.json +++ b/2017/1xxx/CVE-2017-1008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1344.json b/2017/1xxx/CVE-2017-1344.json index ed1601b8714..06ccd44306e 100644 --- a/2017/1xxx/CVE-2017-1344.json +++ b/2017/1xxx/CVE-2017-1344.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1344", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1344", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1758.json b/2017/1xxx/CVE-2017-1758.json index f6b64147521..fb14a9ede1f 100644 --- a/2017/1xxx/CVE-2017-1758.json +++ b/2017/1xxx/CVE-2017-1758.json @@ -1,133 +1,133 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-02-19T00:00:00", - "ID" : "CVE-2017-1758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Control Center", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.1.1" - } - ] - } - }, - { - "product_name" : "Financial Transaction Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.2" - }, - { - "version_value" : "3.0.2.0" - }, - { - "version_value" : "3.0.2.1" - }, - { - "version_value" : "3.0.4" - }, - { - "version_value" : "3.0.4.0" - }, - { - "version_value" : "3.1.0" - }, - { - "version_value" : "3.1.0.0" - }, - { - "version_value" : "3.0.3" - }, - { - "version_value" : "3.0.3.0" - } - ] - } - }, - { - "product_name" : "Transformation Extender Advanced", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-02-19T00:00:00", + "ID": "CVE-2017-1758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Control Center", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.1.1" + } + ] + } + }, + { + "product_name": "Financial Transaction Manager", + "version": { + "version_data": [ + { + "version_value": "3.0.2" + }, + { + "version_value": "3.0.2.0" + }, + { + "version_value": "3.0.2.1" + }, + { + "version_value": "3.0.4" + }, + { + "version_value": "3.0.4.0" + }, + { + "version_value": "3.1.0" + }, + { + "version_value": "3.1.0.0" + }, + { + "version_value": "3.0.3" + }, + { + "version_value": "3.0.3.0" + } + ] + } + }, + { + "product_name": "Transformation Extender Advanced", + "version": { + "version_data": [ + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135859", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135859" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013375", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013375" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012828", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012828" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013432", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013432" - }, - { - "name" : "103130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135859", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135859" + }, + { + "name": "103130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103130" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013432", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013432" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012828", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012828" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013375", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013375" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1820.json b/2017/1xxx/CVE-2017-1820.json index 026d48f70ca..5f991cc1c17 100644 --- a/2017/1xxx/CVE-2017-1820.json +++ b/2017/1xxx/CVE-2017-1820.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1820", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1820", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4084.json b/2017/4xxx/CVE-2017-4084.json index 08e086981af..98d676eec1e 100644 --- a/2017/4xxx/CVE-2017-4084.json +++ b/2017/4xxx/CVE-2017-4084.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4084", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4084", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4286.json b/2017/4xxx/CVE-2017-4286.json index 378f745edcf..379747a8665 100644 --- a/2017/4xxx/CVE-2017-4286.json +++ b/2017/4xxx/CVE-2017-4286.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4286", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4286", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4372.json b/2017/4xxx/CVE-2017-4372.json index bd06016a14b..06222e3afc7 100644 --- a/2017/4xxx/CVE-2017-4372.json +++ b/2017/4xxx/CVE-2017-4372.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4372", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4372", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4432.json b/2017/4xxx/CVE-2017-4432.json index cfd5bb0864e..ec56b8ed75a 100644 --- a/2017/4xxx/CVE-2017-4432.json +++ b/2017/4xxx/CVE-2017-4432.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4432", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4432", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4482.json b/2017/4xxx/CVE-2017-4482.json index 9683e1905de..a80bbcfbd8e 100644 --- a/2017/4xxx/CVE-2017-4482.json +++ b/2017/4xxx/CVE-2017-4482.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4482", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4482", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file