From e6950764a430a5c512ce4191de9be76bfead094f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:05:26 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2027.json | 150 +++---- 2006/2xxx/CVE-2006-2098.json | 130 +++--- 2006/2xxx/CVE-2006-2331.json | 220 +++++----- 2006/2xxx/CVE-2006-2840.json | 150 +++---- 2006/2xxx/CVE-2006-2911.json | 190 ++++----- 2006/3xxx/CVE-2006-3364.json | 200 ++++----- 2006/3xxx/CVE-2006-3403.json | 570 ++++++++++++------------- 2006/3xxx/CVE-2006-3453.json | 190 ++++----- 2006/3xxx/CVE-2006-3649.json | 190 ++++----- 2006/3xxx/CVE-2006-3801.json | 640 ++++++++++++++--------------- 2006/6xxx/CVE-2006-6427.json | 180 ++++---- 2006/6xxx/CVE-2006-6455.json | 170 ++++---- 2006/6xxx/CVE-2006-6495.json | 210 +++++----- 2006/7xxx/CVE-2006-7014.json | 170 ++++---- 2011/0xxx/CVE-2011-0041.json | 140 +++---- 2011/0xxx/CVE-2011-0219.json | 130 +++--- 2011/0xxx/CVE-2011-0361.json | 34 +- 2011/0xxx/CVE-2011-0747.json | 34 +- 2011/0xxx/CVE-2011-0830.json | 130 +++--- 2011/0xxx/CVE-2011-0841.json | 120 +++--- 2011/1xxx/CVE-2011-1010.json | 260 ++++++------ 2011/3xxx/CVE-2011-3255.json | 140 +++---- 2011/3xxx/CVE-2011-3521.json | 310 +++++++------- 2011/3xxx/CVE-2011-3792.json | 140 +++---- 2011/4xxx/CVE-2011-4003.json | 34 +- 2011/4xxx/CVE-2011-4126.json | 34 +- 2011/4xxx/CVE-2011-4323.json | 34 +- 2011/4xxx/CVE-2011-4549.json | 34 +- 2013/5xxx/CVE-2013-5086.json | 34 +- 2013/5xxx/CVE-2013-5371.json | 140 +++---- 2013/5xxx/CVE-2013-5685.json | 34 +- 2014/2xxx/CVE-2014-2280.json | 160 ++++---- 2014/2xxx/CVE-2014-2482.json | 160 ++++---- 2014/6xxx/CVE-2014-6255.json | 130 +++--- 2014/6xxx/CVE-2014-6460.json | 150 +++---- 2014/7xxx/CVE-2014-7404.json | 34 +- 2014/7xxx/CVE-2014-7806.json | 34 +- 2017/0xxx/CVE-2017-0046.json | 34 +- 2017/0xxx/CVE-2017-0665.json | 132 +++--- 2017/0xxx/CVE-2017-0765.json | 162 ++++---- 2017/1000xxx/CVE-2017-1000147.json | 124 +++--- 2017/18xxx/CVE-2017-18169.json | 122 +++--- 2017/1xxx/CVE-2017-1126.json | 148 +++---- 2017/1xxx/CVE-2017-1284.json | 148 +++---- 2017/1xxx/CVE-2017-1618.json | 34 +- 2017/1xxx/CVE-2017-1832.json | 34 +- 2017/5xxx/CVE-2017-5078.json | 170 ++++---- 2017/5xxx/CVE-2017-5382.json | 152 +++---- 2017/5xxx/CVE-2017-5607.json | 190 ++++----- 2017/5xxx/CVE-2017-5696.json | 134 +++--- 50 files changed, 3697 insertions(+), 3697 deletions(-) diff --git a/2006/2xxx/CVE-2006-2027.json b/2006/2xxx/CVE-2006-2027.json index b1d75f25e94..c5f7d2b55da 100644 --- a/2006/2xxx/CVE-2006-2027.json +++ b/2006/2xxx/CVE-2006-2027.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when an admin selects the Logging section in the FTP server main window. NOTE: the original researcher claims that the vendor disputes this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060424 Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431920/100/0/threaded" - }, - { - "name" : "17681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17681" - }, - { - "name" : "25235", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25235" - }, - { - "name" : "788", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when an admin selects the Logging section in the FTP server main window. NOTE: the original researcher claims that the vendor disputes this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17681" + }, + { + "name": "20060424 Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431920/100/0/threaded" + }, + { + "name": "788", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/788" + }, + { + "name": "25235", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25235" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2098.json b/2006/2xxx/CVE-2006-2098.json index c2bee3faf15..003a0307891 100644 --- a/2006/2xxx/CVE-2006-2098.json +++ b/2006/2xxx/CVE-2006-2098.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://staff.xiaoka.com/smoku/stuff/ThAutoIndex/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://staff.xiaoka.com/smoku/stuff/ThAutoIndex/ChangeLog" - }, - { - "name" : "24873", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://staff.xiaoka.com/smoku/stuff/ThAutoIndex/ChangeLog", + "refsource": "CONFIRM", + "url": "http://staff.xiaoka.com/smoku/stuff/ThAutoIndex/ChangeLog" + }, + { + "name": "24873", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24873" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2331.json b/2006/2xxx/CVE-2006-2331.json index 80f511df76c..a0e4f4c3a78 100644 --- a/2006/2xxx/CVE-2006-2331.json +++ b/2006/2xxx/CVE-2006-2331.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433277/100/0/threaded" - }, - { - "name" : "http://www.php-fusion.co.uk/news.php", - "refsource" : "CONFIRM", - "url" : "http://www.php-fusion.co.uk/news.php" - }, - { - "name" : "http://www.php-fusion.co.uk/news.php?readmore=321", - "refsource" : "CONFIRM", - "url" : "http://www.php-fusion.co.uk/news.php?readmore=321" - }, - { - "name" : "17898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17898" - }, - { - "name" : "ADV-2006-1735", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1735" - }, - { - "name" : "25538", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25538" - }, - { - "name" : "25539", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25539" - }, - { - "name" : "19992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19992" - }, - { - "name" : "194", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/194" - }, - { - "name" : "873", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/873" - }, - { - "name" : "phpfusion-lastseenuserspanel-file-include(26389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "873", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/873" + }, + { + "name": "http://www.php-fusion.co.uk/news.php", + "refsource": "CONFIRM", + "url": "http://www.php-fusion.co.uk/news.php" + }, + { + "name": "phpfusion-lastseenuserspanel-file-include(26389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26389" + }, + { + "name": "25539", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25539" + }, + { + "name": "20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433277/100/0/threaded" + }, + { + "name": "194", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/194" + }, + { + "name": "19992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19992" + }, + { + "name": "17898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17898" + }, + { + "name": "25538", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25538" + }, + { + "name": "ADV-2006-1735", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1735" + }, + { + "name": "http://www.php-fusion.co.uk/news.php?readmore=321", + "refsource": "CONFIRM", + "url": "http://www.php-fusion.co.uk/news.php?readmore=321" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2840.json b/2006/2xxx/CVE-2006-2840.json index 886bf1b3ce1..de4b833d4a3 100644 --- a/2006/2xxx/CVE-2006-2840.json +++ b/2006/2xxx/CVE-2006-2840.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pmwiki.org/wiki/PmWiki/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.pmwiki.org/wiki/PmWiki/ChangeLog" - }, - { - "name" : "ADV-2006-2084", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2084" - }, - { - "name" : "20386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20386" - }, - { - "name" : "pmwiki-uploads-xss(26827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog" + }, + { + "name": "ADV-2006-2084", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2084" + }, + { + "name": "20386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20386" + }, + { + "name": "pmwiki-uploads-xss(26827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2911.json b/2006/2xxx/CVE-2006-2911.json index fb15fea61a4..5e4ed510523 100644 --- a/2006/2xxx/CVE-2006-2911.json +++ b/2006/2xxx/CVE-2006-2911.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-2911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 Secunia Research: CMS Mundo SQL Injection and File UploadVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437183/100/200/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-43/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-43/advisory/" - }, - { - "name" : "18451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18451" - }, - { - "name" : "ADV-2006-2348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2348" - }, - { - "name" : "26464", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26464" - }, - { - "name" : "1016311", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016311" - }, - { - "name" : "20362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20362" - }, - { - "name" : "cmsmundo-username-sql-injection(27093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18451" + }, + { + "name": "http://secunia.com/secunia_research/2006-43/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-43/advisory/" + }, + { + "name": "ADV-2006-2348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2348" + }, + { + "name": "20060614 Secunia Research: CMS Mundo SQL Injection and File UploadVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437183/100/200/threaded" + }, + { + "name": "26464", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26464" + }, + { + "name": "cmsmundo-username-sql-injection(27093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27093" + }, + { + "name": "20362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20362" + }, + { + "name": "1016311", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016311" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3364.json b/2006/3xxx/CVE-2006-3364.json index ca9e74af1dd..6ac67ebcbb8 100644 --- a/2006/3xxx/CVE-2006-3364.json +++ b/2006/3xxx/CVE-2006-3364.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060628 BLOG:CMS <= 4.0.0k sql injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438603/100/100/threaded" - }, - { - "name" : "http://retrogod.altervista.org/blogcms_400k_sql.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/blogcms_400k_sql.html" - }, - { - "name" : "http://blogcms.com/wiki/changelog", - "refsource" : "CONFIRM", - "url" : "http://blogcms.com/wiki/changelog" - }, - { - "name" : "ADV-2006-2582", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2582" - }, - { - "name" : "26877", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26877" - }, - { - "name" : "1016408", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016408" - }, - { - "name" : "20859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20859" - }, - { - "name" : "1193", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1193" - }, - { - "name" : "blogcms-index-sql-injection(27435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2582", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2582" + }, + { + "name": "http://retrogod.altervista.org/blogcms_400k_sql.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/blogcms_400k_sql.html" + }, + { + "name": "26877", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26877" + }, + { + "name": "1193", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1193" + }, + { + "name": "http://blogcms.com/wiki/changelog", + "refsource": "CONFIRM", + "url": "http://blogcms.com/wiki/changelog" + }, + { + "name": "20060628 BLOG:CMS <= 4.0.0k sql injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438603/100/100/threaded" + }, + { + "name": "20859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20859" + }, + { + "name": "1016408", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016408" + }, + { + "name": "blogcms-index-sql-injection(27435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27435" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3403.json b/2006/3xxx/CVE-2006-3403.json index c1c7f9a2494..18e7778efb5 100644 --- a/2006/3xxx/CVE-2006-3403.json +++ b/2006/3xxx/CVE-2006-3403.json @@ -1,287 +1,287 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060710 Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439875/100/0/threaded" - }, - { - "name" : "20060710 [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439757/100/0/threaded" - }, - { - "name" : "20060711 rPSA-2006-0128-1 samba samba-swat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439880/100/100/threaded" - }, - { - "name" : "20060720 Samba Internal Data Structures DOS Vulnerability Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440767/100/0/threaded" - }, - { - "name" : "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451404/100/0/threaded" - }, - { - "name" : "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451417/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451426/100/200/threaded" - }, - { - "name" : "20060721 Re: Samba Internal Data Structures DOS Vulnerability Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440836/100/0/threaded" - }, - { - "name" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html", - "refsource" : "MISC", - "url" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html" - }, - { - "name" : "http://www.samba.org/samba/security/CAN-2006-3403.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CAN-2006-3403.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "DSA-1110", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1110" - }, - { - "name" : "GLSA-200607-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200607-10.xml" - }, - { - "name" : "HPSBUX02155", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/448957/100/0/threaded" - }, - { - "name" : "SSRT061235", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/448957/100/0/threaded" - }, - { - "name" : "MDKSA-2006:120", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:120" - }, - { - "name" : "RHSA-2006:0591", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0591.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "SSA:2006-195", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876" - }, - { - "name" : "SUSE-SR:2006:017", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_17_sr.html" - }, - { - "name" : "USN-314-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-314-1" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "VU#313836", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/313836" - }, - { - "name" : "18927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18927" - }, - { - "name" : "oval:org.mitre.oval:def:11355", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11355" - }, - { - "name" : "ADV-2006-2745", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2745" - }, - { - "name" : "ADV-2006-4502", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4502" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "1016459", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016459" - }, - { - "name" : "20980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20980" - }, - { - "name" : "20983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20983" - }, - { - "name" : "21018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21018" - }, - { - "name" : "21019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21019" - }, - { - "name" : "21046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21046" - }, - { - "name" : "21086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21086" - }, - { - "name" : "21143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21143" - }, - { - "name" : "21187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21187" - }, - { - "name" : "21190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21190" - }, - { - "name" : "21159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21159" - }, - { - "name" : "21262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "22875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22875" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - }, - { - "name" : "samba-smbd-connection-dos(27648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-314-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-314-1" + }, + { + "name": "21187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21187" + }, + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "SUSE-SR:2006:017", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" + }, + { + "name": "1016459", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016459" + }, + { + "name": "20983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20983" + }, + { + "name": "ADV-2006-2745", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2745" + }, + { + "name": "ADV-2006-4502", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4502" + }, + { + "name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html", + "refsource": "MISC", + "url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html" + }, + { + "name": "http://www.samba.org/samba/security/CAN-2006-3403.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CAN-2006-3403.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "22875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22875" + }, + { + "name": "SSA:2006-195", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876" + }, + { + "name": "http://www.vmware.com/download/esx/esx-202-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-202-200610-patch.html" + }, + { + "name": "21190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21190" + }, + { + "name": "21086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21086" + }, + { + "name": "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451426/100/200/threaded" + }, + { + "name": "http://www.vmware.com/download/esx/esx-213-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "20060711 rPSA-2006-0128-1 samba samba-swat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439880/100/100/threaded" + }, + { + "name": "20060710 Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439875/100/0/threaded" + }, + { + "name": "VU#313836", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/313836" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "18927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18927" + }, + { + "name": "samba-smbd-connection-dos(27648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27648" + }, + { + "name": "21019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21019" + }, + { + "name": "20980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20980" + }, + { + "name": "20060721 Re: Samba Internal Data Structures DOS Vulnerability Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440836/100/0/threaded" + }, + { + "name": "RHSA-2006:0591", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0591.html" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "HPSBUX02155", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/448957/100/0/threaded" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + }, + { + "name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded" + }, + { + "name": "21046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21046" + }, + { + "name": "21159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21159" + }, + { + "name": "SSRT061235", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/448957/100/0/threaded" + }, + { + "name": "20060720 Samba Internal Data Structures DOS Vulnerability Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440767/100/0/threaded" + }, + { + "name": "DSA-1110", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1110" + }, + { + "name": "20060710 [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439757/100/0/threaded" + }, + { + "name": "GLSA-200607-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200607-10.xml" + }, + { + "name": "oval:org.mitre.oval:def:11355", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11355" + }, + { + "name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded" + }, + { + "name": "MDKSA-2006:120", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:120" + }, + { + "name": "21143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21143" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + }, + { + "name": "21018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21018" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3453.json b/2006/3xxx/CVE-2006-3453.json index 700d76f839f..43d4a64461b 100644 --- a/2006/3xxx/CVE-2006-3453.json +++ b/2006/3xxx/CVE-2006-3453.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb06-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb06-09.html" - }, - { - "name" : "VU#167228", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/167228" - }, - { - "name" : "18943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18943" - }, - { - "name" : "ADV-2006-2759", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2759" - }, - { - "name" : "27156", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27156" - }, - { - "name" : "1016477", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016477" - }, - { - "name" : "21014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21014" - }, - { - "name" : "acrobat-pdf-distilling-bo(27676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#167228", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/167228" + }, + { + "name": "21014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21014" + }, + { + "name": "1016477", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016477" + }, + { + "name": "ADV-2006-2759", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2759" + }, + { + "name": "27156", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27156" + }, + { + "name": "acrobat-pdf-distilling-bo(27676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27676" + }, + { + "name": "18943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18943" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb06-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb06-09.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3649.json b/2006/3xxx/CVE-2006-3649.json index ed0a461e1cb..fcdf3562baf 100644 --- a/2006/3xxx/CVE-2006-3649.json +++ b/2006/3xxx/CVE-2006-3649.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-047" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#159484", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/159484" - }, - { - "name" : "19414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19414" - }, - { - "name" : "ADV-2006-3214", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3214" - }, - { - "name" : "oval:org.mitre.oval:def:694", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A694" - }, - { - "name" : "1016656", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016656" - }, - { - "name" : "21408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS06-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-047" + }, + { + "name": "VU#159484", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/159484" + }, + { + "name": "21408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21408" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "ADV-2006-3214", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3214" + }, + { + "name": "19414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19414" + }, + { + "name": "oval:org.mitre.oval:def:694", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A694" + }, + { + "name": "1016656", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016656" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3801.json b/2006/3xxx/CVE-2006-3801.json index 878aefb7f7c..35c97bbca3e 100644 --- a/2006/3xxx/CVE-2006-3801.json +++ b/2006/3xxx/CVE-2006-3801.json @@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060727 rPSA-2006-0137-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-44.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-44.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-536", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-536" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-537", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-537" - }, - { - "name" : "GLSA-200608-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml" - }, - { - "name" : "GLSA-200608-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "RHSA-2006:0608", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" - }, - { - "name" : "USN-327-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/327-1/" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "TA06-208A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" - }, - { - "name" : "VU#476724", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/476724" - }, - { - "name" : "19181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19181" - }, - { - "name" : "oval:org.mitre.oval:def:11501", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11501" - }, - { - "name" : "ADV-2006-2998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2998" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016586" - }, - { - "name" : "1016587", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016587" - }, - { - "name" : "1016588", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016588" - }, - { - "name" : "19873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19873" - }, - { - "name" : "21216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21216" - }, - { - "name" : "21228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21228" - }, - { - "name" : "21229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21229" - }, - { - "name" : "21246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21246" - }, - { - "name" : "21243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21243" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21358" - }, - { - "name" : "21361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21361" - }, - { - "name" : "21250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21250" - }, - { - "name" : "21262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "21343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21343" - }, - { - "name" : "21529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21529" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-deleted-frame-code-execution(27980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21243" + }, + { + "name": "RHSA-2006:0608", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html" + }, + { + "name": "GLSA-200608-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-02.xml" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "oval:org.mitre.oval:def:11501", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11501" + }, + { + "name": "19181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19181" + }, + { + "name": "TA06-208A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" + }, + { + "name": "ADV-2006-2998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2998" + }, + { + "name": "20060727 rPSA-2006-0137-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded" + }, + { + "name": "21529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21529" + }, + { + "name": "21216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21216" + }, + { + "name": "GLSA-200608-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "1016588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016588" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "1016586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016586" + }, + { + "name": "19873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19873" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "USN-327-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/327-1/" + }, + { + "name": "21361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21361" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21246" + }, + { + "name": "mozilla-deleted-frame-code-execution(27980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27980" + }, + { + "name": "SUSE-SA:2006:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" + }, + { + "name": "21229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21229" + }, + { + "name": "1016587", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016587" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "21228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21228" + }, + { + "name": "21250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21250" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "VU#476724", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/476724" + }, + { + "name": "21358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21358" + }, + { + "name": "https://issues.rpath.com/browse/RPL-536", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-536" + }, + { + "name": "https://issues.rpath.com/browse/RPL-537", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-537" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "21343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21343" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-44.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-44.html" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6427.json b/2006/6xxx/CVE-2006-6427.json index 8fd17d35522..586b0a2e291 100644 --- a/2006/6xxx/CVE-2006-6427.json +++ b/2006/6xxx/CVE-2006-6427.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving \"command injection\" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" - }, - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf" - }, - { - "name" : "21365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21365" - }, - { - "name" : "ADV-2006-4791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4791" - }, - { - "name" : "1017337", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017337" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - }, - { - "name" : "xerox-webui-code-execution(30674)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving \"command injection\" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf" + }, + { + "name": "1017337", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017337" + }, + { + "name": "xerox-webui-code-execution(30674)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30674" + }, + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "21365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21365" + }, + { + "name": "ADV-2006-4791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4791" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6455.json b/2006/6xxx/CVE-2006-6455.json index 04f5686c5a9..8426227a99c 100644 --- a/2006/6xxx/CVE-2006-6455.json +++ b/2006/6xxx/CVE-2006-6455.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061207 DUdirectory Admin Panel SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453809/100/0/threaded" - }, - { - "name" : "21485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21485" - }, - { - "name" : "ADV-2006-4908", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4908" - }, - { - "name" : "23275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23275" - }, - { - "name" : "2017", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2017" - }, - { - "name" : "dudirectory-default-sql-injection(30783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4908", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4908" + }, + { + "name": "20061207 DUdirectory Admin Panel SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453809/100/0/threaded" + }, + { + "name": "21485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21485" + }, + { + "name": "23275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23275" + }, + { + "name": "2017", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2017" + }, + { + "name": "dudirectory-default-sql-injection(30783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30783" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6495.json b/2006/6xxx/CVE-2006-6495.json index a1d9187c2ba..5dd5db28e57 100644 --- a/2006/6xxx/CVE-2006-6495.json +++ b/2006/6xxx/CVE-2006-6495.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061212 Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm" - }, - { - "name" : "102724", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1" - }, - { - "name" : "21564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21564" - }, - { - "name" : "ADV-2006-4979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4979" - }, - { - "name" : "oval:org.mitre.oval:def:1909", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1909" - }, - { - "name" : "1017376", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017376" - }, - { - "name" : "23317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23317" - }, - { - "name" : "23991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23991" - }, - { - "name" : "solaris-ld-doprf-bo(30848)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23317" + }, + { + "name": "23991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23991" + }, + { + "name": "20061212 Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450" + }, + { + "name": "102724", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1" + }, + { + "name": "21564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21564" + }, + { + "name": "1017376", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017376" + }, + { + "name": "ADV-2006-4979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4979" + }, + { + "name": "oval:org.mitre.oval:def:1909", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1909" + }, + { + "name": "solaris-ld-doprf-bo(30848)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30848" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7014.json b/2006/7xxx/CVE-2006-7014.json index 0ce0e350f7e..c0c0544c7bb 100644 --- a/2006/7xxx/CVE-2006-7014.json +++ b/2006/7xxx/CVE-2006-7014.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060606 BloggIT <= 1.01 (admin.php) Arbitrary code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436259/30/4620/threaded" - }, - { - "name" : "ADV-2006-2210", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2210" - }, - { - "name" : "1016246", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1016246" - }, - { - "name" : "20499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20499" - }, - { - "name" : "2255", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2255" - }, - { - "name" : "bloggit-admin-code-execution(27011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060606 BloggIT <= 1.01 (admin.php) Arbitrary code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436259/30/4620/threaded" + }, + { + "name": "bloggit-admin-code-execution(27011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27011" + }, + { + "name": "2255", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2255" + }, + { + "name": "1016246", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1016246" + }, + { + "name": "ADV-2006-2210", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2210" + }, + { + "name": "20499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20499" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0041.json b/2011/0xxx/CVE-2011-0041.json index 7476fb5c337..2a543360bad 100644 --- a/2011/0xxx/CVE-2011-0041.json +++ b/2011/0xxx/CVE-2011-0041.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka \"GDI+ Integer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-029", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-029" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11854", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka \"GDI+ Integer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-029", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-029" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "oval:org.mitre.oval:def:11854", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11854" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0219.json b/2011/0xxx/CVE-2011-0219.json index bf3ead12afd..4cc6639a05e 100644 --- a/2011/0xxx/CVE-2011-0219.json +++ b/2011/0xxx/CVE-2011-0219.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0361.json b/2011/0xxx/CVE-2011-0361.json index dbc163e9adf..98726d2268a 100644 --- a/2011/0xxx/CVE-2011-0361.json +++ b/2011/0xxx/CVE-2011-0361.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0361", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0361", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0747.json b/2011/0xxx/CVE-2011-0747.json index ed4111e3061..30e8e3d4b1e 100644 --- a/2011/0xxx/CVE-2011-0747.json +++ b/2011/0xxx/CVE-2011-0747.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0830.json b/2011/0xxx/CVE-2011-0830.json index e782a1ead4f..a9450addb60 100644 --- a/2011/0xxx/CVE-2011-0830.json +++ b/2011/0xxx/CVE-2011-0830.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors related to Rules Management UI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors related to Rules Management UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0841.json b/2011/0xxx/CVE-2011-0841.json index 636c65fcdfd..eee10c66c36 100644 --- a/2011/0xxx/CVE-2011-0841.json +++ b/2011/0xxx/CVE-2011-0841.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1010.json b/2011/1xxx/CVE-2011-1010.json index 332adf28b5d..9cce1c22686 100644 --- a/2011/1xxx/CVE-2011-1010.json +++ b/2011/1xxx/CVE-2011-1010.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 [PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516615/100/0/threaded" - }, - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[oss-security] 20110222 CVE request: kernel: fs/partitions: validate map_count in mac partition tables", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/22/3" - }, - { - "name" : "[oss-security] 20110222 Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/22/15" - }, - { - "name" : "[oss-security] 20110222 Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/22/11" - }, - { - "name" : "http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt", - "refsource" : "MISC", - "url" : "http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa7ea87a057958a8b7926c1a60a3ca6d696328ed", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa7ea87a057958a8b7926c1a60a3ca6d696328ed" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=679282", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=679282" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "46492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46492" - }, - { - "name" : "1025126", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025126" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "8115", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8115" - }, - { - "name" : "kernel-map-dos(65643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "8115", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8115" + }, + { + "name": "[oss-security] 20110222 CVE request: kernel: fs/partitions: validate map_count in mac partition tables", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/22/3" + }, + { + "name": "kernel-map-dos(65643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65643" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=679282", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679282" + }, + { + "name": "46492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46492" + }, + { + "name": "[oss-security] 20110222 Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/22/11" + }, + { + "name": "20110223 [PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516615/100/0/threaded" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "[oss-security] 20110222 Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/22/15" + }, + { + "name": "1025126", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025126" + }, + { + "name": "http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt", + "refsource": "MISC", + "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa7ea87a057958a8b7926c1a60a3ca6d696328ed", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa7ea87a057958a8b7926c1a60a3ca6d696328ed" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3255.json b/2011/3xxx/CVE-2011-3255.json index 054d1f84694..5a3c2911aad 100644 --- a/2011/3xxx/CVE-2011-3255.json +++ b/2011/3xxx/CVE-2011-3255.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "appleios-appleid-info-disc(70550)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "appleios-appleid-info-disc(70550)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70550" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3521.json b/2011/3xxx/CVE-2011-3521.json index c9762d2f742..33b76244f66 100644 --- a/2011/3xxx/CVE-2011-3521.json +++ b/2011/3xxx/CVE-2011-3521.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02730", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "SSRT100710", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02760", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2" - }, - { - "name" : "SSRT100805", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:1384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "SUSE-SU-2012:0114", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" - }, - { - "name" : "USN-1263-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1263-1" - }, - { - "name" : "50215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50215" - }, - { - "name" : "oval:org.mitre.oval:def:13662", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13662" - }, - { - "name" : "1026215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026215" - }, - { - "name" : "48692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48692" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "oracle-jre-deserialization-unspecified(70850)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "48692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48692" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "oval:org.mitre.oval:def:13662", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13662" + }, + { + "name": "SSRT100805", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "HPSBUX02730", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "SUSE-SU-2012:0114", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" + }, + { + "name": "50215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50215" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT100710", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "RHSA-2011:1384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "oracle-jre-deserialization-unspecified(70850)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70850" + }, + { + "name": "HPSBUX02760", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" + }, + { + "name": "1026215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026215" + }, + { + "name": "USN-1263-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1263-1" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3792.json b/2011/3xxx/CVE-2011-3792.json index f018ada556c..761e1af2683 100644 --- a/2011/3xxx/CVE-2011-3792.json +++ b/2011/3xxx/CVE-2011-3792.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixelpost_v1.7.3", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixelpost_v1.7.3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixelpost_v1.7.3", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixelpost_v1.7.3" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4003.json b/2011/4xxx/CVE-2011-4003.json index 16c8544af16..e8c732f2280 100644 --- a/2011/4xxx/CVE-2011-4003.json +++ b/2011/4xxx/CVE-2011-4003.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4003", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4003", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4126.json b/2011/4xxx/CVE-2011-4126.json index e96e6d13544..3e651b580a5 100644 --- a/2011/4xxx/CVE-2011-4126.json +++ b/2011/4xxx/CVE-2011-4126.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4126", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4126", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4323.json b/2011/4xxx/CVE-2011-4323.json index a515092f65c..971f0f8af03 100644 --- a/2011/4xxx/CVE-2011-4323.json +++ b/2011/4xxx/CVE-2011-4323.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4323", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2726. Reason: This candidate is a duplicate of CVE-2011-2726. Notes: All CVE users should reference CVE-2011-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4323", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2726. Reason: This candidate is a duplicate of CVE-2011-2726. Notes: All CVE users should reference CVE-2011-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4549.json b/2011/4xxx/CVE-2011-4549.json index 06280db911e..22a1a8abb09 100644 --- a/2011/4xxx/CVE-2011-4549.json +++ b/2011/4xxx/CVE-2011-4549.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4549", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4549", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5086.json b/2013/5xxx/CVE-2013-5086.json index fd7548651cd..c0bb91cd5c3 100644 --- a/2013/5xxx/CVE-2013-5086.json +++ b/2013/5xxx/CVE-2013-5086.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5086", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5086", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5371.json b/2013/5xxx/CVE-2013-5371.json index 27498b18791..3b74040bbfc 100644 --- a/2013/5xxx/CVE-2013-5371.json +++ b/2013/5xxx/CVE-2013-5371.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21662608", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21662608" - }, - { - "name" : "IC92933", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933" - }, - { - "name" : "ibm-tsm-cve20135371-refs-perm(86661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-tsm-cve20135371-refs-perm(86661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661" + }, + { + "name": "IC92933", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21662608", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21662608" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5685.json b/2013/5xxx/CVE-2013-5685.json index 1d3be8d10c8..1a672d0ad9a 100644 --- a/2013/5xxx/CVE-2013-5685.json +++ b/2013/5xxx/CVE-2013-5685.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5685", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5685", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2280.json b/2014/2xxx/CVE-2014-2280.json index 1ab2a6039f8..8fcc9350994 100644 --- a/2014/2xxx/CVE-2014-2280.json +++ b/2014/2xxx/CVE-2014-2280.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140314 Multiple Vulnerabilities in SeedDMS < = 4.3.3", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html" - }, - { - "name" : "http://packetstormsecurity.com/files/125726", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125726" - }, - { - "name" : "http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG" - }, - { - "name" : "57475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57475" - }, - { - "name" : "seeddms-cve20142280-xss(91830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140314 Multiple Vulnerabilities in SeedDMS < = 4.3.3", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html" + }, + { + "name": "http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG" + }, + { + "name": "seeddms-cve20142280-xss(91830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91830" + }, + { + "name": "57475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57475" + }, + { + "name": "http://packetstormsecurity.com/files/125726", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125726" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2482.json b/2014/2xxx/CVE-2014-2482.json index fd6dd7db4a3..384389aa181 100644 --- a/2014/2xxx/CVE-2014-2482.json +++ b/2014/2xxx/CVE-2014-2482.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "68651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68651" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6255.json b/2014/6xxx/CVE-2014-6255.json index 88f3c0745af..e3ac4204b08 100644 --- a/2014/6xxx/CVE-2014-6255.json +++ b/2014/6xxx/CVE-2014-6255.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6460.json b/2014/6xxx/CVE-2014-6460.json index 547e90d124f..2781efee55f 100644 --- a/2014/6xxx/CVE-2014-6460.json +++ b/2014/6xxx/CVE-2014-6460.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to QUERY." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70555" - }, - { - "name" : "1031044", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031044" - }, - { - "name" : "61701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to QUERY." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031044", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031044" + }, + { + "name": "61701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61701" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70555" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7404.json b/2014/7xxx/CVE-2014-7404.json index c4b4b42eefa..ceac6b50dc3 100644 --- a/2014/7xxx/CVE-2014-7404.json +++ b/2014/7xxx/CVE-2014-7404.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7404", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7404", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7806.json b/2014/7xxx/CVE-2014-7806.json index 83e9fbb4908..048f0d6c9d8 100644 --- a/2014/7xxx/CVE-2014-7806.json +++ b/2014/7xxx/CVE-2014-7806.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7806", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7806", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0046.json b/2017/0xxx/CVE-2017-0046.json index 12e4d68ac94..162473782ba 100644 --- a/2017/0xxx/CVE-2017-0046.json +++ b/2017/0xxx/CVE-2017-0046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0665.json b/2017/0xxx/CVE-2017-0665.json index c6d12e18ef6..2599faf9eb4 100644 --- a/2017/0xxx/CVE-2017-0665.json +++ b/2017/0xxx/CVE-2017-0665.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99470" + }, + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0765.json b/2017/0xxx/CVE-2017-0765.json index 2b371b32bb1..9bb948ab0cb 100644 --- a/2017/0xxx/CVE-2017-0765.json +++ b/2017/0xxx/CVE-2017-0765.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100649" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000147.json b/2017/1000xxx/CVE-2017-1000147.json index 34b23637b2c..a8924957825 100644 --- a/2017/1000xxx/CVE-2017-1000147.json +++ b/2017/1000xxx/CVE-2017-1000147.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.358633", - "ID" : "CVE-2017-1000147", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<1.9.8, <1.10.6, <15.04.3" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.358633", + "ID": "CVE-2017-1000147", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1480329", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1480329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1480329", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1480329" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18169.json b/2017/18xxx/CVE-2017-18169.json index 1e6a3255670..9fc1409dfb9 100644 --- a/2017/18xxx/CVE-2017-18169.json +++ b/2017/18xxx/CVE-2017-18169.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-04T00:00:00", - "ID" : "CVE-2017-18169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reachable Assertion in Kernel" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-04T00:00:00", + "ID": "CVE-2017-18169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reachable Assertion in Kernel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1126.json b/2017/1xxx/CVE-2017-1126.json index 74e32297cf5..d9be196a493 100644 --- a/2017/1xxx/CVE-2017-1126.json +++ b/2017/1xxx/CVE-2017-1126.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-1126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Integration Bus", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "10.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-1126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Integration Bus", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "10.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008470", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008470" - }, - { - "name" : "101104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101104" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22008470", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22008470" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121341" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1284.json b/2017/1xxx/CVE-2017-1284.json index 715f2732448..ae12a3a90f8 100644 --- a/2017/1xxx/CVE-2017-1284.json +++ b/2017/1xxx/CVE-2017-1284.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-06T00:00:00", - "ID" : "CVE-2017-1284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MQ", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1" - }, - { - "version_value" : "9.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-06T00:00:00", + "ID": "CVE-2017-1284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MQ", + "version": { + "version_data": [ + { + "version_value": "9.0.1" + }, + { + "version_value": "9.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22003851", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22003851" - }, - { - "name" : "99494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22003851", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22003851" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125145" + }, + { + "name": "99494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99494" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1618.json b/2017/1xxx/CVE-2017-1618.json index 871a9321fdc..f4324933076 100644 --- a/2017/1xxx/CVE-2017-1618.json +++ b/2017/1xxx/CVE-2017-1618.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1618", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1618", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1832.json b/2017/1xxx/CVE-2017-1832.json index 7c427b5413d..46a8090189c 100644 --- a/2017/1xxx/CVE-2017-1832.json +++ b/2017/1xxx/CVE-2017-1832.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1832", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1832", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5078.json b/2017/5xxx/CVE-2017-5078.json index 6e61fb06d2e..1ba49cd5df5 100644 --- a/2017/5xxx/CVE-2017-5078.json +++ b/2017/5xxx/CVE-2017-5078.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient validation of untrusted input" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/711020", - "refsource" : "MISC", - "url" : "https://crbug.com/711020" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1399", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1399" - }, - { - "name" : "98861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98861" - }, - { - "name" : "1038622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98861" + }, + { + "name": "https://crbug.com/711020", + "refsource": "MISC", + "url": "https://crbug.com/711020" + }, + { + "name": "RHSA-2017:1399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1399" + }, + { + "name": "1038622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038622" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5382.json b/2017/5xxx/CVE-2017-5382.json index 70e6da3b77c..0d485aea192 100644 --- a/2017/5xxx/CVE-2017-5382.json +++ b/2017/5xxx/CVE-2017-5382.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "51" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Feed preview can expose privileged content errors and exceptions" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "51" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1295322", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1295322" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/" - }, - { - "name" : "95763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95763" - }, - { - "name" : "1037693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Feed preview can expose privileged content errors and exceptions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1295322", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1295322" + }, + { + "name": "1037693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037693" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/" + }, + { + "name": "95763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95763" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5607.json b/2017/5xxx/CVE-2017-5607.json index 7f76cec9410..0ef088bb348 100644 --- a/2017/5xxx/CVE-2017-5607.json +++ b/2017/5xxx/CVE-2017-5607.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170401 Splunk Enterprise Information Theft CVE-2017-5607", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/540346/100/0/threaded" - }, - { - "name" : "41779", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41779/" - }, - { - "name" : "20170330 Splunk Enterprise Information Theft - CVE-2017-5607", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Mar/89" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt" - }, - { - "name" : "https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607", - "refsource" : "CONFIRM", - "url" : "https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607" - }, - { - "name" : "97265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97265" - }, - { - "name" : "97286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97286" - }, - { - "name" : "1038170", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038170", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038170" + }, + { + "name": "41779", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41779/" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt" + }, + { + "name": "97286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97286" + }, + { + "name": "20170330 Splunk Enterprise Information Theft - CVE-2017-5607", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Mar/89" + }, + { + "name": "https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607", + "refsource": "CONFIRM", + "url": "https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607" + }, + { + "name": "20170401 Splunk Enterprise Information Theft CVE-2017-5607", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/540346/100/0/threaded" + }, + { + "name": "97265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97265" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5696.json b/2017/5xxx/CVE-2017-5696.json index e04ff4514b2..6e504b1ffd4 100644 --- a/2017/5xxx/CVE-2017-5696.json +++ b/2017/5xxx/CVE-2017-5696.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-01-16T00:00:00", - "ID" : "CVE-2017-5696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Graphics Driver", - "version" : { - "version_data" : [ - { - "version_value" : "15.40.x.x" - }, - { - "version_value" : "15.45.x.x" - }, - { - "version_value" : "21.20.x.x" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure/Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-01-16T00:00:00", + "ID": "CVE-2017-5696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Graphics Driver", + "version": { + "version_data": [ + { + "version_value": "15.40.x.x" + }, + { + "version_value": "15.45.x.x" + }, + { + "version_value": "21.20.x.x" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00080&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00080&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure/Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00080&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00080&languageid=en-fr" + } + ] + } +} \ No newline at end of file