diff --git a/2006/2xxx/CVE-2006-2124.json b/2006/2xxx/CVE-2006-2124.json index ec1009e3d27..98efa652ad1 100644 --- a/2006/2xxx/CVE-2006-2124.json +++ b/2006/2xxx/CVE-2006-2124.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/05/sunshop-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/05/sunshop-xss-vuln.html" - }, - { - "name" : "17770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17770" - }, - { - "name" : "ADV-2006-1582", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1582" - }, - { - "name" : "25119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25119" - }, - { - "name" : "19871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19871" - }, - { - "name" : "sunshop-multiple-parameters-xss(26180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17770" + }, + { + "name": "sunshop-multiple-parameters-xss(26180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26180" + }, + { + "name": "http://pridels0.blogspot.com/2006/05/sunshop-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/05/sunshop-xss-vuln.html" + }, + { + "name": "ADV-2006-1582", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1582" + }, + { + "name": "19871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19871" + }, + { + "name": "25119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25119" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2728.json b/2006/2xxx/CVE-2006-2728.json index 6f04c970a78..a23ad6e70a4 100644 --- a/2006/2xxx/CVE-2006-2728.json +++ b/2006/2xxx/CVE-2006-2728.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Xss exploit in Photoalbum B&W v1.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435294/100/0/threaded" - }, - { - "name" : "18142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18142" - }, - { - "name" : "ADV-2006-2051", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2051" - }, - { - "name" : "20336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20336" - }, - { - "name" : "1004", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1004" - }, - { - "name" : "photoalbumbw-index-xss(26750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2051", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2051" + }, + { + "name": "1004", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1004" + }, + { + "name": "18142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18142" + }, + { + "name": "20336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20336" + }, + { + "name": "20060528 Xss exploit in Photoalbum B&W v1.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435294/100/0/threaded" + }, + { + "name": "photoalbumbw-index-xss(26750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26750" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3075.json b/2006/3xxx/CVE-2006-3075.json index 7900189f13a..8ea3c743a06 100644 --- a/2006/3xxx/CVE-2006-3075.json +++ b/2006/3xxx/CVE-2006-3075.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060615 PictureDis Products \"lang\" Parameter File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437449/100/100/threaded" - }, - { - "name" : "18471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18471" - }, - { - "name" : "ADV-2006-2352", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2352" - }, - { - "name" : "26500", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26500" - }, - { - "name" : "26501", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26501" - }, - { - "name" : "26502", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26502" - }, - { - "name" : "1016279", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016279" - }, - { - "name" : "20656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20656" - }, - { - "name" : "picturedis-lang-file-include(27183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "picturedis-lang-file-include(27183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27183" + }, + { + "name": "20060615 PictureDis Products \"lang\" Parameter File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437449/100/100/threaded" + }, + { + "name": "26502", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26502" + }, + { + "name": "18471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18471" + }, + { + "name": "ADV-2006-2352", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2352" + }, + { + "name": "26500", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26500" + }, + { + "name": "1016279", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016279" + }, + { + "name": "26501", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26501" + }, + { + "name": "20656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20656" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3378.json b/2006/3xxx/CVE-2006-3378.json index 427bc302dc3..3135d5b13ca 100644 --- a/2006/3xxx/CVE-2006-3378.json +++ b/2006/3xxx/CVE-2006-3378.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1150", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1150" - }, - { - "name" : "USN-308-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-308-1" - }, - { - "name" : "18850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18850" - }, - { - "name" : "26995", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26995" - }, - { - "name" : "20966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20966" - }, - { - "name" : "20950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20950" - }, - { - "name" : "21480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21480" + }, + { + "name": "26995", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26995" + }, + { + "name": "DSA-1150", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1150" + }, + { + "name": "USN-308-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-308-1" + }, + { + "name": "18850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18850" + }, + { + "name": "20966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20966" + }, + { + "name": "20950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20950" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3415.json b/2006/3xxx/CVE-2006-3415.json index ca0c484c58f..96b64b19d63 100644 --- a/2006/3xxx/CVE-2006-3415.json +++ b/2006/3xxx/CVE-2006-3415.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.1.1.20 uses improper logic to validate the \"OR\" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tor.eff.org/cvs/tor/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://tor.eff.org/cvs/tor/ChangeLog" - }, - { - "name" : "GLSA-200606-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml" - }, - { - "name" : "25878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25878" - }, - { - "name" : "20514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.1.1.20 uses improper logic to validate the \"OR\" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20514" + }, + { + "name": "GLSA-200606-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200606-04.xml" + }, + { + "name": "http://tor.eff.org/cvs/tor/ChangeLog", + "refsource": "CONFIRM", + "url": "http://tor.eff.org/cvs/tor/ChangeLog" + }, + { + "name": "25878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25878" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3530.json b/2006/3xxx/CVE-2006-3530.json index 57ec5f6d4bc..fc7d5890d65 100644 --- a/2006/3xxx/CVE-2006-3530.json +++ b/2006/3xxx/CVE-2006-3530.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060710 [ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439618/100/0/threaded" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv37-matdhule-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv37-matdhule-2006.txt" - }, - { - "name" : "2024", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2024" - }, - { - "name" : "18919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18919" - }, - { - "name" : "ADV-2006-2739", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2739" - }, - { - "name" : "21015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21015" - }, - { - "name" : "1215", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1215" - }, - { - "name" : "pccookbook-pccookbook-file-include(27641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2739", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2739" + }, + { + "name": "1215", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1215" + }, + { + "name": "21015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21015" + }, + { + "name": "pccookbook-pccookbook-file-include(27641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27641" + }, + { + "name": "18919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18919" + }, + { + "name": "http://advisories.echo.or.id/adv/adv37-matdhule-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv37-matdhule-2006.txt" + }, + { + "name": "20060710 [ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439618/100/0/threaded" + }, + { + "name": "2024", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2024" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3701.json b/2006/3xxx/CVE-2006-3701.json index 39124c091f9..9c9f217a41f 100644 --- a/2006/3xxx/CVE-2006-3701.json +++ b/2006/3xxx/CVE-2006-3701.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3722.json b/2006/3xxx/CVE-2006-3722.json index a3c1aab7041..2dc3ba76ca4 100644 --- a/2006/3xxx/CVE-2006-3722.json +++ b/2006/3xxx/CVE-2006-3722.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4200.json b/2006/4xxx/CVE-2006-4200.json index ac3b01423f4..126cd7ca30e 100644 --- a/2006/4xxx/CVE-2006-4200.json +++ b/2006/4xxx/CVE-2006-4200.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.soft3304.net/04WebServer/Security.html", - "refsource" : "CONFIRM", - "url" : "http://www.soft3304.net/04WebServer/Security.html" - }, - { - "name" : "19496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19496" - }, - { - "name" : "21504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21504" - }, - { - "name" : "04webserver-user-id-bypass(28355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "04webserver-user-id-bypass(28355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28355" + }, + { + "name": "19496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19496" + }, + { + "name": "http://www.soft3304.net/04WebServer/Security.html", + "refsource": "CONFIRM", + "url": "http://www.soft3304.net/04WebServer/Security.html" + }, + { + "name": "21504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21504" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4497.json b/2006/4xxx/CVE-2006-4497.json index c0612689689..e995fb3be52 100644 --- a/2006/4xxx/CVE-2006-4497.json +++ b/2006/4xxx/CVE-2006-4497.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 IwebNegar v1.1 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444744/100/0/threaded" - }, - { - "name" : "19757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19757" - }, - { - "name" : "1480", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1480" - }, - { - "name" : "iwebnegar-comments-sql-injection(28665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iwebnegar-comments-sql-injection(28665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28665" + }, + { + "name": "19757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19757" + }, + { + "name": "20060830 IwebNegar v1.1 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444744/100/0/threaded" + }, + { + "name": "1480", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1480" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6113.json b/2006/6xxx/CVE-2006-6113.json index 4852aae49ba..1411f207103 100644 --- a/2006/6xxx/CVE-2006-6113.json +++ b/2006/6xxx/CVE-2006-6113.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061128 Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452994/100/0/threaded" - }, - { - "name" : "20061128 Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050969.html" - }, - { - "name" : "http://www.netvigilance.com/advisory0009", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0009" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1603389&group_id=165094&atid=834302", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1603389&group_id=165094&atid=834302" - }, - { - "name" : "30683", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30683" - }, - { - "name" : "30684", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061128 Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050969.html" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1603389&group_id=165094&atid=834302", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1603389&group_id=165094&atid=834302" + }, + { + "name": "http://www.netvigilance.com/advisory0009", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0009" + }, + { + "name": "30683", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30683" + }, + { + "name": "20061128 Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452994/100/0/threaded" + }, + { + "name": "30684", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30684" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6759.json b/2006/6xxx/CVE-2006-6759.json index 1ad0a76fbfb..f3fd0fc284a 100644 --- a/2006/6xxx/CVE-2006-6759.json +++ b/2006/6xxx/CVE-2006-6759.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21689.html", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21689.html" - }, - { - "name" : "2966", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2966" - }, - { - "name" : "21689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21689" - }, - { - "name" : "realplayer-rpau3260dll-dos(31138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/21689.html", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/21689.html" + }, + { + "name": "realplayer-rpau3260dll-dos(31138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31138" + }, + { + "name": "2966", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2966" + }, + { + "name": "21689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21689" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6895.json b/2006/6xxx/CVE-2006-6895.json index 79989268a2e..a66966b3b23 100644 --- a/2006/6xxx/CVE-2006-6895.json +++ b/2006/6xxx/CVE-2006-6895.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bluetooth stack in the Sony Ericsson T60 does not properly implement \"Limited discoverable\" mode, which allows remote attackers to obtain unauthorized inquiry responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded" - }, - { - "name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", - "refsource" : "MISC", - "url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf" - }, - { - "name" : "37585", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bluetooth stack in the Sony Ericsson T60 does not properly implement \"Limited discoverable\" mode, which allows remote attackers to obtain unauthorized inquiry responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", + "refsource": "MISC", + "url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf" + }, + { + "name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded" + }, + { + "name": "37585", + "refsource": "OSVDB", + "url": "http://osvdb.org/37585" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7080.json b/2006/7xxx/CVE-2006-7080.json index a0380281535..b0a2c0ce4f0 100644 --- a/2006/7xxx/CVE-2006-7080.json +++ b/2006/7xxx/CVE-2006-7080.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via \"..\" sequences in the old_avatar parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2415", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2415" - }, - { - "name" : "20161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20161" - }, - { - "name" : "exv2-avatar-directory-traversal(29130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via \"..\" sequences in the old_avatar parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2415", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2415" + }, + { + "name": "20161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20161" + }, + { + "name": "exv2-avatar-directory-traversal(29130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29130" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2181.json b/2010/2xxx/CVE-2010-2181.json index 2c65e58891a..f955bd0759a 100644 --- a/2010/2xxx/CVE-2010-2181.json +++ b/2010/2xxx/CVE-2010-2181.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "RHSA-2010:0464", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html" - }, - { - "name" : "RHSA-2010:0470", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html" - }, - { - "name" : "SUSE-SA:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "TLSA-2010-19", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" - }, - { - "name" : "TA10-162A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" - }, - { - "name" : "40759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40759" - }, - { - "name" : "40792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40792" - }, - { - "name" : "oval:org.mitre.oval:def:7342", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7342" - }, - { - "name" : "oval:org.mitre.oval:def:15937", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15937" - }, - { - "name" : "1024085", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024085" - }, - { - "name" : "1024086", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024086" - }, - { - "name" : "40144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40144" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-1453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1453" - }, - { - "name" : "ADV-2010-1421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1421" - }, - { - "name" : "ADV-2010-1432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1432" - }, - { - "name" : "ADV-2010-1434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1434" - }, - { - "name" : "ADV-2010-1482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1482" - }, - { - "name" : "ADV-2010-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1522" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - }, - { - "name" : "adobe-air-overflow(59330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "ADV-2010-1421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1421" + }, + { + "name": "40792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40792" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "adobe-air-overflow(59330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59330" + }, + { + "name": "RHSA-2010:0464", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "ADV-2010-1432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1432" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "TA10-162A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "40759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40759" + }, + { + "name": "1024085", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024085" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "1024086", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024086" + }, + { + "name": "oval:org.mitre.oval:def:15937", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15937" + }, + { + "name": "ADV-2010-1434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1434" + }, + { + "name": "TLSA-2010-19", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SUSE-SA:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" + }, + { + "name": "40144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40144" + }, + { + "name": "RHSA-2010:0470", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html" + }, + { + "name": "ADV-2010-1482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1482" + }, + { + "name": "oval:org.mitre.oval:def:7342", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7342" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "ADV-2010-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1522" + }, + { + "name": "ADV-2010-1453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1453" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2779.json b/2010/2xxx/CVE-2010-2779.json index 23b85703944..219496220a9 100644 --- a/2010/2xxx/CVE-2010-2779.json +++ b/2010/2xxx/CVE-2010-2779.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to \"replies.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-135/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-135/" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7006376&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7006376&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=599867", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=599867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to \"replies.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=599867", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=599867" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-135/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-135/" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7006376&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7006376&sliceId=1" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2821.json b/2010/2xxx/CVE-2010-2821.json index 7dc1a9361b8..51b7f44e323 100644 --- a/2010/2xxx/CVE-2010-2821.json +++ b/2010/2xxx/CVE-2010-2821.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) with software 3.2 before 3.2(17.2), 4.0 before 4.0(11.1), and 4.1 before 4.1(1.2) for Catalyst 6500 series switches and 7600 series routers, when multi-mode is enabled, allows remote attackers to cause a denial of service (device reload) via crafted (1) Telnet, (2) SSH, or (3) ASDM traffic over TCP, aka Bug ID CSCtg68694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100804 Multiple Vulnerabilities in Cisco Firewall Services Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f130.shtml" - }, - { - "name" : "40843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) with software 3.2 before 3.2(17.2), 4.0 before 4.0(11.1), and 4.1 before 4.1(1.2) for Catalyst 6500 series switches and 7600 series routers, when multi-mode is enabled, allows remote attackers to cause a denial of service (device reload) via crafted (1) Telnet, (2) SSH, or (3) ASDM traffic over TCP, aka Bug ID CSCtg68694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40843" + }, + { + "name": "20100804 Multiple Vulnerabilities in Cisco Firewall Services Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f130.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0125.json b/2011/0xxx/CVE-2011-0125.json index c624ba6c06d..66628ec8a61 100644 --- a/2011/0xxx/CVE-2011-0125.json +++ b/2011/0xxx/CVE-2011-0125.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:17092", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:17092", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17092" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0683.json b/2011/0xxx/CVE-2011-0683.json index 1a395532a35..23624f12077 100644 --- a/2011/0xxx/CVE-2011-0683.json +++ b/2011/0xxx/CVE-2011-0683.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1101/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1101/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1101/" - }, - { - "name" : "http://www.opera.com/support/kb/view/983/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/983/" - }, - { - "name" : "46036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46036" - }, - { - "name" : "70729", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70729" - }, - { - "name" : "oval:org.mitre.oval:def:11641", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11641" - }, - { - "name" : "43023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43023" - }, - { - "name" : "ADV-2011-0231", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1101/" + }, + { + "name": "oval:org.mitre.oval:def:11641", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11641" + }, + { + "name": "http://www.opera.com/support/kb/view/983/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/983/" + }, + { + "name": "ADV-2011-0231", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0231" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1101/" + }, + { + "name": "46036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46036" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1101/" + }, + { + "name": "70729", + "refsource": "OSVDB", + "url": "http://osvdb.org/70729" + }, + { + "name": "43023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43023" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0896.json b/2011/0xxx/CVE-2011-0896.json index ef1763c9b9e..f4bfa4a0845 100644 --- a/2011/0xxx/CVE-2011-0896.json +++ b/2011/0xxx/CVE-2011-0896.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02653", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130270782702556&w=2" - }, - { - "name" : "SSRT100310", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130270782702556&w=2" - }, - { - "name" : "47325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47325" - }, - { - "name" : "1025326", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025326" - }, - { - "name" : "44096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44096" - }, - { - "name" : "8201", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8201" - }, - { - "name" : "ADV-2011-0935", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0935" - }, - { - "name" : "hpux-nfsoncplus-unspec-dos(66689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47325" + }, + { + "name": "44096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44096" + }, + { + "name": "8201", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8201" + }, + { + "name": "SSRT100310", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130270782702556&w=2" + }, + { + "name": "HPSBUX02653", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130270782702556&w=2" + }, + { + "name": "ADV-2011-0935", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0935" + }, + { + "name": "hpux-nfsoncplus-unspec-dos(66689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66689" + }, + { + "name": "1025326", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025326" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1097.json b/2011/1xxx/CVE-2011-1097.json index 60c0bf109ac..0b425f7c39c 100644 --- a/2011/1xxx/CVE-2011-1097.json +++ b/2011/1xxx/CVE-2011-1097.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rsync] 20110122 rsync -rcv printing out filenames when content identical", - "refsource" : "MLIST", - "url" : "http://lists.samba.org/archive/rsync/2011-January/025988.html" - }, - { - "name" : "http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6", - "refsource" : "CONFIRM", - "url" : "http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6" - }, - { - "name" : "http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS", - "refsource" : "CONFIRM", - "url" : "http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=675036", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=675036" - }, - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=7936", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.samba.org/show_bug.cgi?id=7936" - }, - { - "name" : "FEDORA-2011-4389", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.html" - }, - { - "name" : "FEDORA-2011-4413", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html" - }, - { - "name" : "FEDORA-2011-4427", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html" - }, - { - "name" : "HPSBMU02752", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133226187115472&w=2" - }, - { - "name" : "SSRT100802", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133226187115472&w=2" - }, - { - "name" : "MDVSA-2011:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:066" - }, - { - "name" : "RHSA-2011:0390", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0390.html" - }, - { - "name" : "SUSE-SR:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" - }, - { - "name" : "1025256", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025256" - }, - { - "name" : "44071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44071" - }, - { - "name" : "44088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44088" - }, - { - "name" : "ADV-2011-0792", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0792" - }, - { - "name" : "ADV-2011-0793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0793" - }, - { - "name" : "ADV-2011-0873", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0873" - }, - { - "name" : "ADV-2011-0876", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44088" + }, + { + "name": "FEDORA-2011-4413", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html" + }, + { + "name": "HPSBMU02752", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2" + }, + { + "name": "SSRT100802", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2" + }, + { + "name": "[rsync] 20110122 rsync -rcv printing out filenames when content identical", + "refsource": "MLIST", + "url": "http://lists.samba.org/archive/rsync/2011-January/025988.html" + }, + { + "name": "SUSE-SR:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" + }, + { + "name": "RHSA-2011:0390", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0390.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=675036", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675036" + }, + { + "name": "44071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44071" + }, + { + "name": "MDVSA-2011:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:066" + }, + { + "name": "FEDORA-2011-4427", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html" + }, + { + "name": "FEDORA-2011-4389", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.html" + }, + { + "name": "ADV-2011-0793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0793" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=7936", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=7936" + }, + { + "name": "ADV-2011-0876", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0876" + }, + { + "name": "ADV-2011-0873", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0873" + }, + { + "name": "ADV-2011-0792", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0792" + }, + { + "name": "http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS", + "refsource": "CONFIRM", + "url": "http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS" + }, + { + "name": "http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6", + "refsource": "CONFIRM", + "url": "http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6" + }, + { + "name": "1025256", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025256" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1232.json b/2011/1xxx/CVE-2011-1232.json index 80b6e687a92..0ddd5ea7c36 100644 --- a/2011/1xxx/CVE-2011-1232.json +++ b/2011/1xxx/CVE-2011-1232.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47232" - }, - { - "name" : "71738", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71738" - }, - { - "name" : "oval:org.mitre.oval:def:12392", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12392" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var20-priv-escalation(66414)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "mswin-win32k-var20-priv-escalation(66414)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66414" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "71738", + "refsource": "OSVDB", + "url": "http://osvdb.org/71738" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "oval:org.mitre.oval:def:12392", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12392" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "47232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47232" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1624.json b/2011/1xxx/CVE-2011-1624.json index 094727d2f29..d393bba25e3 100644 --- a/2011/1xxx/CVE-2011-1624.json +++ b/2011/1xxx/CVE-2011-1624.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/switches/lan/cisco_ie3000/software/release/12.2_58_se/release/notes/OL24335.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/switches/lan/cisco_ie3000/software/release/12.2_58_se/release/notes/OL24335.html" - }, - { - "name" : "https://supportforums.cisco.com/message/3356210", - "refsource" : "CONFIRM", - "url" : "https://supportforums.cisco.com/message/3356210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://supportforums.cisco.com/message/3356210", + "refsource": "CONFIRM", + "url": "https://supportforums.cisco.com/message/3356210" + }, + { + "name": "http://www.cisco.com/en/US/docs/switches/lan/cisco_ie3000/software/release/12.2_58_se/release/notes/OL24335.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/switches/lan/cisco_ie3000/software/release/12.2_58_se/release/notes/OL24335.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1631.json b/2011/1xxx/CVE-2011-1631.json index 7fc902e8707..63dbbad27e7 100644 --- a/2011/1xxx/CVE-2011-1631.json +++ b/2011/1xxx/CVE-2011-1631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1786.json b/2011/1xxx/CVE-2011-1786.json index c542950e3ec..2658611d154 100644 --- a/2011/1xxx/CVE-2011-1786.json +++ b/2011/1xxx/CVE-2011-1786.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517739/100/0/threaded" - }, - { - "name" : "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2011/000133.html" - }, - { - "name" : "http://kb.vmware.com/kb/1035108", - "refsource" : "CONFIRM", - "url" : "http://kb.vmware.com/kb/1035108" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" - }, - { - "name" : "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/", - "refsource" : "CONFIRM", - "url" : "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/" - }, - { - "name" : "47625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47625" - }, - { - "name" : "1025452", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025452" - }, - { - "name" : "44349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44349" - }, - { - "name" : "8240", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8240" - }, - { - "name" : "likewise-lsaad-dos(67194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/", + "refsource": "CONFIRM", + "url": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/" + }, + { + "name": "1025452", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025452" + }, + { + "name": "http://kb.vmware.com/kb/1035108", + "refsource": "CONFIRM", + "url": "http://kb.vmware.com/kb/1035108" + }, + { + "name": "44349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44349" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" + }, + { + "name": "likewise-lsaad-dos(67194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67194" + }, + { + "name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html" + }, + { + "name": "47625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47625" + }, + { + "name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded" + }, + { + "name": "8240", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8240" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3843.json b/2011/3xxx/CVE-2011-3843.json index 5f68857189d..85338d9341a 100644 --- a/2011/3xxx/CVE-2011-3843.json +++ b/2011/3xxx/CVE-2011-3843.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3843", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3843", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3854.json b/2011/3xxx/CVE-2011-3854.json index 4b415719ea2..781889b9281 100644 --- a/2011/3xxx/CVE-2011-3854.json +++ b/2011/3xxx/CVE-2011-3854.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/en/Advisories/12", - "refsource" : "MISC", - "url" : "https://sitewat.ch/en/Advisories/12" - }, - { - "name" : "46296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46296" + }, + { + "name": "https://sitewat.ch/en/Advisories/12", + "refsource": "MISC", + "url": "https://sitewat.ch/en/Advisories/12" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4569.json b/2011/4xxx/CVE-2011-4569.json index b3139667641..489496f9d8b 100644 --- a/2011/4xxx/CVE-2011-4569.json +++ b/2011/4xxx/CVE-2011-4569.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17962", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17962" - }, - { - "name" : "50049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50049" - }, - { - "name" : "mybbforum-image2-sql-injection(70474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50049" + }, + { + "name": "mybbforum-image2-sql-injection(70474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70474" + }, + { + "name": "17962", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17962" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4736.json b/2011/4xxx/CVE-2011-4736.json index 6da0d1ebf06..07228a84f8b 100644 --- a/2011/4xxx/CVE-2011-4736.json +++ b/2011/4xxx/CVE-2011-4736.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" - }, - { - "name" : "plesk-password-information-disclosure(72323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "plesk-password-information-disclosure(72323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72323" + }, + { + "name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4750.json b/2011/4xxx/CVE-2011-4750.json index 3660df5e910..b81f6db470b 100644 --- a/2011/4xxx/CVE-2011-4750.json +++ b/2011/4xxx/CVE-2011-4750.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4948.json b/2011/4xxx/CVE-2011-4948.json index 3ce8a970826..82316a4820a 100644 --- a/2011/4xxx/CVE-2011-4948.json +++ b/2011/4xxx/CVE-2011-4948.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[egroupware-german] 20110805 new EGroupware SECURITY & maintenance release 1.8.001.20110805", - "refsource" : "MLIST", - "url" : "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" - }, - { - "name" : "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/29/1" - }, - { - "name" : "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/30/3" - }, - { - "name" : "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html" - }, - { - "name" : "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224", - "refsource" : "MISC", - "url" : "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224" - }, - { - "name" : "http://www.egroupware.org/changelog", - "refsource" : "CONFIRM", - "url" : "http://www.egroupware.org/changelog" - }, - { - "name" : "http://www.egroupware.org/epl-changelog", - "refsource" : "CONFIRM", - "url" : "http://www.egroupware.org/epl-changelog" - }, - { - "name" : "52770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.egroupware.org/epl-changelog", + "refsource": "CONFIRM", + "url": "http://www.egroupware.org/epl-changelog" + }, + { + "name": "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224", + "refsource": "MISC", + "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224" + }, + { + "name": "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html" + }, + { + "name": "http://www.egroupware.org/changelog", + "refsource": "CONFIRM", + "url": "http://www.egroupware.org/changelog" + }, + { + "name": "52770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52770" + }, + { + "name": "[egroupware-german] 20110805 new EGroupware SECURITY & maintenance release 1.8.001.20110805", + "refsource": "MLIST", + "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" + }, + { + "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" + }, + { + "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5007.json b/2011/5xxx/CVE-2011-5007.json index ca4572cf196..9281b4c5801 100644 --- a/2011/5xxx/CVE-2011-5007.json +++ b/2011/5xxx/CVE-2011-5007.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2011/Nov/178" - }, - { - "name" : "18187", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18187" - }, - { - "name" : "http://aluigi.altervista.org/adv/codesys_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/codesys_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01" - }, - { - "name" : "77387", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77387" - }, - { - "name" : "47018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf" + }, + { + "name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2011/Nov/178" + }, + { + "name": "47018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47018" + }, + { + "name": "http://aluigi.altervista.org/adv/codesys_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt" + }, + { + "name": "77387", + "refsource": "OSVDB", + "url": "http://osvdb.org/77387" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01" + }, + { + "name": "18187", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18187" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5022.json b/2011/5xxx/CVE-2011-5022.json index b24177232da..c4f74267dc9 100644 --- a/2011/5xxx/CVE-2011-5022.json +++ b/2011/5xxx/CVE-2011-5022.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/Advisory/View/5", - "refsource" : "MISC", - "url" : "https://sitewat.ch/Advisory/View/5" - }, - { - "name" : "http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/search.php?r1=2255&r2=2254&pathrev=2255", - "refsource" : "CONFIRM", - "url" : "http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/search.php?r1=2255&r2=2254&pathrev=2255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/search.php?r1=2255&r2=2254&pathrev=2255", + "refsource": "CONFIRM", + "url": "http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/search.php?r1=2255&r2=2254&pathrev=2255" + }, + { + "name": "https://sitewat.ch/Advisory/View/5", + "refsource": "MISC", + "url": "https://sitewat.ch/Advisory/View/5" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2151.json b/2014/2xxx/CVE-2014-2151.json index 50cf2845498..6bfaaf8dfea 100644 --- a/2014/2xxx/CVE-2014-2151.json +++ b/2014/2xxx/CVE-2014-2151.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34627", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34627" - }, - { - "name" : "20140616 Cisco ASA WebVPN Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2151" - }, - { - "name" : "68063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68063" - }, - { - "name" : "1030445", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140616 Cisco ASA WebVPN Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2151" + }, + { + "name": "1030445", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030445" + }, + { + "name": "68063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68063" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34627", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34627" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2206.json b/2014/2xxx/CVE-2014-2206.json index f9c4e5ec948..ebe8710fd88 100644 --- a/2014/2xxx/CVE-2014-2206.json +++ b/2014/2xxx/CVE-2014-2206.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140302 [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531326/100/0/threaded" - }, - { - "name" : "http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution", - "refsource" : "MISC", - "url" : "http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution" - }, - { - "name" : "65913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140302 [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531326/100/0/threaded" + }, + { + "name": "http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution", + "refsource": "MISC", + "url": "http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution" + }, + { + "name": "65913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65913" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2693.json b/2014/2xxx/CVE-2014-2693.json index 37fa0ba7fe2..abcbaabb706 100644 --- a/2014/2xxx/CVE-2014-2693.json +++ b/2014/2xxx/CVE-2014-2693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2974.json b/2014/2xxx/CVE-2014-2974.json index b0adc0b5138..7b1754114d8 100644 --- a/2014/2xxx/CVE-2014-2974.json +++ b/2014/2xxx/CVE-2014-2974.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#867980", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/867980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#867980", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/867980" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3279.json b/2014/3xxx/CVE-2014-3279.json index 7f76094f2ea..2cb15cca34b 100644 --- a/2014/3xxx/CVE-2014-3279.json +++ b/2014/3xxx/CVE-2014-3279.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381" - }, - { - "name" : "20140527 Cisco Unified Communications Domain Manager Admin User Enumeration Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279" - }, - { - "name" : "67663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67663" - }, - { - "name" : "1030306", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030306" - }, - { - "name" : "58400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58400" - }, - { - "name" : "58657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030306", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030306" + }, + { + "name": "20140527 Cisco Unified Communications Domain Manager Admin User Enumeration Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279" + }, + { + "name": "58657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58657" + }, + { + "name": "67663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67663" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381" + }, + { + "name": "58400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58400" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6016.json b/2014/6xxx/CVE-2014-6016.json index c76dfefb40f..a5287112315 100644 --- a/2014/6xxx/CVE-2014-6016.json +++ b/2014/6xxx/CVE-2014-6016.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#513769", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/513769" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#513769", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/513769" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6717.json b/2014/6xxx/CVE-2014-6717.json index f35e18bbc7b..aa53298dbc0 100644 --- a/2014/6xxx/CVE-2014-6717.json +++ b/2014/6xxx/CVE-2014-6717.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iTriage Health (aka com.healthagen.iTriage) application 5.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#220729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/220729" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iTriage Health (aka com.healthagen.iTriage) application 5.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#220729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/220729" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6749.json b/2014/6xxx/CVE-2014-6749.json index a9569e5933b..3e1f50397b7 100644 --- a/2014/6xxx/CVE-2014-6749.json +++ b/2014/6xxx/CVE-2014-6749.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#109849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/109849" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#109849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/109849" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6758.json b/2014/6xxx/CVE-2014-6758.json index 20b2a27716c..e5dcd9e72c8 100644 --- a/2014/6xxx/CVE-2014-6758.json +++ b/2014/6xxx/CVE-2014-6758.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application 1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#190897", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/190897" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application 1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#190897", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/190897" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7209.json b/2014/7xxx/CVE-2014-7209.json index ea9989b41ed..0fd69ae5c74 100644 --- a/2014/7xxx/CVE-2014-7209.json +++ b/2014/7xxx/CVE-2014-7209.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-7209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141231 Command Injection in mime-support/run-mailcap (CVE-2014-7209)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/31/8" - }, - { - "name" : "DSA-3114", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3114" - }, - { - "name" : "71797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71797" - }, - { - "name" : "61892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61892" - }, - { - "name" : "62079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62079" - }, - { - "name" : "mimesuuport-cve20147209-command-exec(99570)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71797" + }, + { + "name": "61892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61892" + }, + { + "name": "mimesuuport-cve20147209-command-exec(99570)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99570" + }, + { + "name": "62079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62079" + }, + { + "name": "DSA-3114", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3114" + }, + { + "name": "[oss-security] 20141231 Command Injection in mime-support/run-mailcap (CVE-2014-7209)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/31/8" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7276.json b/2014/7xxx/CVE-2014-7276.json index 638c71bf2c2..15bc6780017 100644 --- a/2014/7xxx/CVE-2014-7276.json +++ b/2014/7xxx/CVE-2014-7276.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7276", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7276", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7557.json b/2014/7xxx/CVE-2014-7557.json index bf578be90e9..da938951133 100644 --- a/2014/7xxx/CVE-2014-7557.json +++ b/2014/7xxx/CVE-2014-7557.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The zroadster.com (aka com.tapatalk.zroadstercomforum) application 2.4.13.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#757881", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/757881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The zroadster.com (aka com.tapatalk.zroadstercomforum) application 2.4.13.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#757881", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/757881" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7955.json b/2014/7xxx/CVE-2014-7955.json index e51eeebec4a..ab269476908 100644 --- a/2014/7xxx/CVE-2014-7955.json +++ b/2014/7xxx/CVE-2014-7955.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7955", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7955", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0097.json b/2017/0xxx/CVE-2017-0097.json index 792375ba680..410c71c65bf 100644 --- a/2017/0xxx/CVE-2017-0097.json +++ b/2017/0xxx/CVE-2017-0097.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hyper-V", - "version" : { - "version_data" : [ - { - "version_value" : "Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka \"Hyper-V Denial of Service Vulnerability.\" This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyper-V", + "version": { + "version_data": [ + { + "version_value": "Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097" - }, - { - "name" : "96639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96639" - }, - { - "name" : "1037999", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka \"Hyper-V Denial of Service Vulnerability.\" This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96639" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097" + }, + { + "name": "1037999", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037999" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0443.json b/2017/0xxx/CVE-2017-0443.json index 00ff61ad659..82be4a84852 100644 --- a/2017/0xxx/CVE-2017-0443.json +++ b/2017/0xxx/CVE-2017-0443.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443" - }, - { - "name" : "96047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96047" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96047" + }, + { + "name": "https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0798.json b/2017/0xxx/CVE-2017-0798.json index a28a39cf05f..eb7d55f0b51 100644 --- a/2017/0xxx/CVE-2017-0798.json +++ b/2017/0xxx/CVE-2017-0798.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100652" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0835.json b/2017/0xxx/CVE-2017-0835.json index 6636f3c1484..b6d9f924394 100644 --- a/2017/0xxx/CVE-2017-0835.json +++ b/2017/0xxx/CVE-2017-0835.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "101717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "101717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101717" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18062.json b/2017/18xxx/CVE-2017-18062.json index 106ddea8897..a682f75e5b3 100644 --- a/2017/18xxx/CVE-2017-18062.json +++ b/2017/18xxx/CVE-2017-18062.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-18062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing UTF event in wma_process_utf_event()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-18062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d7927eb7c9c2d79a3e24cddd1e9447ab98bf6700", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d7927eb7c9c2d79a3e24cddd1e9447ab98bf6700" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing UTF event in wma_process_utf_event()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d7927eb7c9c2d79a3e24cddd1e9447ab98bf6700", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d7927eb7c9c2d79a3e24cddd1e9447ab98bf6700" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18283.json b/2017/18xxx/CVE-2017-18283.json index ce4c8b428a6..5fc3233aadf 100644 --- a/2017/18xxx/CVE-2017-18283.json +++ b/2017/18xxx/CVE-2017-18283.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in Bluetooth Controller" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Bluetooth Controller" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1084.json b/2017/1xxx/CVE-2017-1084.json index 3340cc30d1f..1a0e4d9804d 100644 --- a/2017/1xxx/CVE-2017-1084.json +++ b/2017/1xxx/CVE-2017-1084.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "DATE_PUBLIC" : "2017-06-19T00:00:00", - "ID" : "CVE-2017-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "before 11.2-RELEASE" - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Userspace stack overflow" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "DATE_PUBLIC": "2017-06-19T00:00:00", + "ID": "CVE-2017-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "before 11.2-RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42277", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42277/" - }, - { - "name" : "42278", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42278/" - }, - { - "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Userspace stack overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42277", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42277/" + }, + { + "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + }, + { + "name": "42278", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42278/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1171.json b/2017/1xxx/CVE-2017-1171.json index 6b2441bc790..02e0ab117b8 100644 --- a/2017/1xxx/CVE-2017-1171.json +++ b/2017/1xxx/CVE-2017-1171.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TRIRIGA Application Platform", - "version" : { - "version_data" : [ - { - "version_value" : "3.2" - }, - { - "version_value" : "3.2.1" - }, - { - "version_value" : "3.1" - }, - { - "version_value" : "3.0" - }, - { - "version_value" : "3.3" - }, - { - "version_value" : "3.3.1" - }, - { - "version_value" : "2.7" - }, - { - "version_value" : "2.6" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.1" - }, - { - "version_value" : "3.3.2" - }, - { - "version_value" : "3.4" - }, - { - "version_value" : "3.4.1" - }, - { - "version_value" : "3.4.2" - }, - { - "version_value" : "3.5" - }, - { - "version_value" : "3.5.1" - }, - { - "version_value" : "3.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TRIRIGA Application Platform", + "version": { + "version_data": [ + { + "version_value": "3.2" + }, + { + "version_value": "3.2.1" + }, + { + "version_value": "3.1" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.3" + }, + { + "version_value": "3.3.1" + }, + { + "version_value": "2.7" + }, + { + "version_value": "2.6" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.1" + }, + { + "version_value": "3.3.2" + }, + { + "version_value": "3.4" + }, + { + "version_value": "3.4.1" + }, + { + "version_value": "3.4.2" + }, + { + "version_value": "3.5" + }, + { + "version_value": "3.5.1" + }, + { + "version_value": "3.5.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22001083", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22001083" - }, - { - "name" : "97245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97245" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22001083", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22001083" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1379.json b/2017/1xxx/CVE-2017-1379.json index 67872904fa5..e5b3fdaa354 100644 --- a/2017/1xxx/CVE-2017-1379.json +++ b/2017/1xxx/CVE-2017-1379.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.6.0" - }, - { - "version_value" : "5.0.6.1" - }, - { - "version_value" : "5.0.6.2" - }, - { - "version_value" : "5.0.7.0" - }, - { - "version_value" : "5.0.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.6.0" + }, + { + "version_value": "5.0.6.1" + }, + { + "version_value": "5.0.6.2" + }, + { + "version_value": "5.0.7.0" + }, + { + "version_value": "5.0.7.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127002", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127002" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004714", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004714" - }, - { - "name" : "99063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99063" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127002", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127002" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004714", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004714" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1807.json b/2017/1xxx/CVE-2017-1807.json index e0aeef9a5c5..7f46e02c6b7 100644 --- a/2017/1xxx/CVE-2017-1807.json +++ b/2017/1xxx/CVE-2017-1807.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1807", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1807", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1865.json b/2017/1xxx/CVE-2017-1865.json index f7b72b54304..5b9a19ee762 100644 --- a/2017/1xxx/CVE-2017-1865.json +++ b/2017/1xxx/CVE-2017-1865.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1865", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1865", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1989.json b/2017/1xxx/CVE-2017-1989.json index 764274bc2a2..3c5baaa1b5e 100644 --- a/2017/1xxx/CVE-2017-1989.json +++ b/2017/1xxx/CVE-2017-1989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1989", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1989", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5608.json b/2017/5xxx/CVE-2017-5608.json index e0a51e29e08..48042dfb80e 100644 --- a/2017/5xxx/CVE-2017-5608.json +++ b/2017/5xxx/CVE-2017-5608.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://piwigo.org/releases/2.8.6", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/releases/2.8.6" - }, - { - "name" : "https://github.com/Piwigo/Piwigo/commit/6ec3f2d0fae0437f0c2cc8c475a26fb6aeb0d4cb", - "refsource" : "CONFIRM", - "url" : "https://github.com/Piwigo/Piwigo/commit/6ec3f2d0fae0437f0c2cc8c475a26fb6aeb0d4cb" - }, - { - "name" : "https://github.com/Piwigo/Piwigo/issues/600", - "refsource" : "CONFIRM", - "url" : "https://github.com/Piwigo/Piwigo/issues/600" - }, - { - "name" : "95848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Piwigo/Piwigo/issues/600", + "refsource": "CONFIRM", + "url": "https://github.com/Piwigo/Piwigo/issues/600" + }, + { + "name": "95848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95848" + }, + { + "name": "https://github.com/Piwigo/Piwigo/commit/6ec3f2d0fae0437f0c2cc8c475a26fb6aeb0d4cb", + "refsource": "CONFIRM", + "url": "https://github.com/Piwigo/Piwigo/commit/6ec3f2d0fae0437f0c2cc8c475a26fb6aeb0d4cb" + }, + { + "name": "http://piwigo.org/releases/2.8.6", + "refsource": "CONFIRM", + "url": "http://piwigo.org/releases/2.8.6" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5715.json b/2017/5xxx/CVE-2017-5715.json index 5ba9fa3b714..a633a4ef3d9 100644 --- a/2017/5xxx/CVE-2017-5715.json +++ b/2017/5xxx/CVE-2017-5715.json @@ -1,483 +1,483 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2017-5715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microprocessors with Speculative Execution", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2017-5715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microprocessors with Speculative Execution", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43427", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43427/" - }, - { - "name" : "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" - }, - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html" - }, - { - "name" : "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", - "refsource" : "MISC", - "url" : "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" - }, - { - "name" : "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", - "refsource" : "MISC", - "url" : "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" - }, - { - "name" : "https://spectreattack.com/", - "refsource" : "MISC", - "url" : "https://spectreattack.com/" - }, - { - "name" : "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html" - }, - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-254.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-254.html" - }, - { - "name" : "https://access.redhat.com/security/vulnerabilities/speculativeexecution", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/vulnerabilities/speculativeexecution" - }, - { - "name" : "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", - "refsource" : "CONFIRM", - "url" : "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" - }, - { - "name" : "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", - "refsource" : "CONFIRM", - "url" : "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" - }, - { - "name" : "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" - }, - { - "name" : "https://support.f5.com/csp/article/K91229003", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K91229003" - }, - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-18282", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-18282" - }, - { - "name" : "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_18_01", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_18_01" - }, - { - "name" : "https://support.citrix.com/article/CTX231399", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX231399" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180104-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180104-0001/" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" - }, - { - "name" : "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html" - }, - { - "name" : "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" - }, - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0007.html" - }, - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/121", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/121" - }, - { - "name" : "https://cert.vde.com/en-us/advisories/vde-2018-002", - "refsource" : "CONFIRM", - "url" : "https://cert.vde.com/en-us/advisories/vde-2018-002" - }, - { - "name" : "https://cert.vde.com/en-us/advisories/vde-2018-003", - "refsource" : "CONFIRM", - "url" : "https://cert.vde.com/en-us/advisories/vde-2018-003" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", - "refsource" : "CONFIRM", - "url" : "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" - }, - { - "name" : "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" - }, - { - "name" : "DSA-4120", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4120" - }, - { - "name" : "DSA-4187", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4187" - }, - { - "name" : "DSA-4188", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4188" - }, - { - "name" : "DSA-4213", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4213" - }, - { - "name" : "FreeBSD-SA-18:03", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc" - }, - { - "name" : "GLSA-201810-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-06" - }, - { - "name" : "RHSA-2018:0292", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0292" - }, - { - "name" : "SUSE-SU-2018:0006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html" - }, - { - "name" : "SUSE-SU-2018:0007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html" - }, - { - "name" : "SUSE-SU-2018:0008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html" - }, - { - "name" : "SUSE-SU-2018:0009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html" - }, - { - "name" : "SUSE-SU-2018:0010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2018:0011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" - }, - { - "name" : "SUSE-SU-2018:0012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" - }, - { - "name" : "SUSE-SU-2018:0019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html" - }, - { - "name" : "SUSE-SU-2018:0020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html" - }, - { - "name" : "openSUSE-SU-2018:0013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html" - }, - { - "name" : "openSUSE-SU-2018:0022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" - }, - { - "name" : "openSUSE-SU-2018:0023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" - }, - { - "name" : "USN-3516-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/usn/usn-3516-1/" - }, - { - "name" : "USN-3531-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3531-1/" - }, - { - "name" : "USN-3549-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3549-1/" - }, - { - "name" : "USN-3560-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3560-1/" - }, - { - "name" : "USN-3561-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3561-1/" - }, - { - "name" : "USN-3580-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3580-1/" - }, - { - "name" : "USN-3581-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3581-1/" - }, - { - "name" : "USN-3581-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3581-2/" - }, - { - "name" : "USN-3582-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3582-1/" - }, - { - "name" : "USN-3582-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3582-2/" - }, - { - "name" : "USN-3594-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3594-1/" - }, - { - "name" : "USN-3597-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3597-1/" - }, - { - "name" : "USN-3597-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3597-2/" - }, - { - "name" : "USN-3542-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3542-2/" - }, - { - "name" : "USN-3540-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3540-2/" - }, - { - "name" : "USN-3541-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3541-2/" - }, - { - "name" : "USN-3531-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3531-3/" - }, - { - "name" : "USN-3620-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3620-2/" - }, - { - "name" : "USN-3690-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3690-1/" - }, - { - "name" : "USN-3777-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-3/" - }, - { - "name" : "VU#584653", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/584653" - }, - { - "name" : "VU#180049", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/180049" - }, - { - "name" : "102376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102376" - }, - { - "name" : "1040071", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" + }, + { + "name": "USN-3560-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3560-1/" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" + }, + { + "name": "DSA-4187", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4187" + }, + { + "name": "USN-3542-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3542-2/" + }, + { + "name": "GLSA-201810-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-06" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "USN-3540-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3540-2/" + }, + { + "name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" + }, + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "USN-3597-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3597-1/" + }, + { + "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" + }, + { + "name": "SUSE-SU-2018:0012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" + }, + { + "name": "SUSE-SU-2018:0011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" + }, + { + "name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", + "refsource": "MISC", + "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" + }, + { + "name": "DSA-4213", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4213" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2018-002", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" + }, + { + "name": "DSA-4120", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4120" + }, + { + "name": "openSUSE-SU-2018:0013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html" + }, + { + "name": "USN-3580-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3580-1/" + }, + { + "name": "https://support.f5.com/csp/article/K91229003", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K91229003" + }, + { + "name": "USN-3531-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3531-3/" + }, + { + "name": "USN-3620-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3620-2/" + }, + { + "name": "openSUSE-SU-2018:0022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" + }, + { + "name": "USN-3582-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3582-1/" + }, + { + "name": "DSA-4188", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4188" + }, + { + "name": "RHSA-2018:0292", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0292" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-254.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-254.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180104-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" + }, + { + "name": "SUSE-SU-2018:0019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_18_01", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_18_01" + }, + { + "name": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" + }, + { + "name": "102376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102376" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/121", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/121" + }, + { + "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", + "refsource": "CONFIRM", + "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" + }, + { + "name": "USN-3594-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3594-1/" + }, + { + "name": "VU#584653", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/584653" + }, + { + "name": "VU#180049", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/180049" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2018-003", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" + }, + { + "name": "SUSE-SU-2018:0009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html" + }, + { + "name": "USN-3690-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3690-1/" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" + }, + { + "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", + "refsource": "CONFIRM", + "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us" + }, + { + "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html" + }, + { + "name": "USN-3549-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3549-1/" + }, + { + "name": "SUSE-SU-2018:0007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html" + }, + { + "name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" + }, + { + "name": "https://support.citrix.com/article/CTX231399", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX231399" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://spectreattack.com/", + "refsource": "MISC", + "url": "https://spectreattack.com/" + }, + { + "name": "USN-3531-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3531-1/" + }, + { + "name": "FreeBSD-SA-18:03", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc" + }, + { + "name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", + "refsource": "CONFIRM", + "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" + }, + { + "name": "SUSE-SU-2018:0006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html" + }, + { + "name": "USN-3581-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3581-1/" + }, + { + "name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", + "refsource": "CONFIRM", + "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" + }, + { + "name": "1040071", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040071" + }, + { + "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr" + }, + { + "name": "USN-3597-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3597-2/" + }, + { + "name": "USN-3581-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3581-2/" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" + }, + { + "name": "SUSE-SU-2018:0010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" + }, + { + "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" + }, + { + "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" + }, + { + "name": "USN-3516-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/usn/usn-3516-1/" + }, + { + "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html" + }, + { + "name": "43427", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43427/" + }, + { + "name": "SUSE-SU-2018:0020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html" + }, + { + "name": "USN-3541-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3541-2/" + }, + { + "name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", + "refsource": "MISC", + "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" + }, + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-18282", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-18282" + }, + { + "name": "USN-3777-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-3/" + }, + { + "name": "openSUSE-SU-2018:0023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" + }, + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html" + }, + { + "name": "SUSE-SU-2018:0008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" + }, + { + "name": "USN-3561-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3561-1/" + }, + { + "name": "USN-3582-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3582-2/" + } + ] + } +} \ No newline at end of file