diff --git a/2001/1xxx/CVE-2001-1456.json b/2001/1xxx/CVE-2001-1456.json
index c20fd1f0f8f..46cc3a11daa 100644
--- a/2001/1xxx/CVE-2001-1456.json
+++ b/2001/1xxx/CVE-2001-1456.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011104-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20011104-01-I" - }, - { - "name" : "CA-2001-25", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-25.html" - }, - { - "name" : "VU#206723", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/206723" - }, - { - "name" : "3290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3290" - }, - { - "name" : "gauntlet-csmap-bo(7088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2001-25", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-25.html" + }, + { + "name": "VU#206723", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/206723" + }, + { + "name": "gauntlet-csmap-bo(7088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7088" + }, + { + "name": "3290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3290" + }, + { + "name": "20011104-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20011104-01-I" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1512.json b/2001/1xxx/CVE-2001-1512.json index 658265d584d..bbba9ef1787 100644 --- a/2001/1xxx/CVE-2001-1512.json +++ b/2001/1xxx/CVE-2001-1512.json 
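Review bot: The `reference_data` array comes out in a different order on the new side even though the set of entries is unchanged: the SGI advisory `20011104-01-I` moves from first to last and the XF entry moves ahead of BID. Mixed into what is otherwise a whitespace-only reformat, this makes it hard to confirm by eye that no reference was dropped or altered in a vulnerability record. The serializer should keep array order as read, or sort by a fixed key such as `refsource` then `name`, so that the first entry here stays `"name": "20011104-01-I",`. The same shuffling appears in the hunks for CVE-2001-1512, CVE-2006-2148, CVE-2006-2533, CVE-2006-2841, CVE-2006-3424, CVE-2006-3452, CVE-2006-3954 and CVE-2006-6239.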
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=22287", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=22287" - }, - { - "name" : "3662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3662" - }, - { - "name" : "allaire-jrun-webinf-metainf-jsp(7677)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7677.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer 
Pages (JSP), a variant of CVE-2000-1050." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "allaire-jrun-webinf-metainf-jsp(7677)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7677.php" + }, + { + "name": "3662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3662" + }, + { + "name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22287", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22287" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2148.json b/2006/2xxx/CVE-2006-2148.json index ef46c358df4..80d1ca172bc 100644 --- a/2006/2xxx/CVE-2006-2148.json +++ b/2006/2xxx/CVE-2006-2148.json 
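Review bot: The new side of this file ends with `\ No newline at end of file` after the closing `}`, where the old side ended with a newline. A missing final newline trips line-oriented tools and produces a spurious last-line diff the next time any writer restores it, so the serializer should emit a trailing `\n` after the final `}`. Every other file section on this page carries the same marker, including CVE-2001-1456 and the RESERVED record CVE-2006-6319.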
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.cgiirc.org/chngview?cn=263", - "refsource" : "CONFIRM", - "url" : "http://cvs.cgiirc.org/chngview?cn=263" - }, - { - "name" : "http://cvs.cgiirc.org/chngview?cn=283", - "refsource" : "CONFIRM", - "url" : "http://cvs.cgiirc.org/chngview?cn=283" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365680", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365680" - }, - { - "name" : "http://cvs.cgiirc.org/timeline?d=300&e=2006-Apr-30&c=2&px=&s=0&dm=1&x=1&m=1", - "refsource" : "CONFIRM", - "url" : "http://cvs.cgiirc.org/timeline?d=300&e=2006-Apr-30&c=2&px=&s=0&dm=1&x=1&m=1" - }, - { - "name" : "DSA-1052", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1052" - 
}, - { - "name" : "17799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17799" - }, - { - "name" : "ADV-2006-1607", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1607" - }, - { - "name" : "19922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19922" - }, - { - "name" : "19985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19985" - }, - { - "name" : "cgiirc-client-bo(26173)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1607", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1607" + }, + { + "name": "cgiirc-client-bo(26173)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26173" + }, + { + "name": "http://cvs.cgiirc.org/chngview?cn=283", + "refsource": "CONFIRM", + "url": "http://cvs.cgiirc.org/chngview?cn=283" + }, + { + "name": "19985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19985" + }, + { + "name": "http://cvs.cgiirc.org/chngview?cn=263", + "refsource": "CONFIRM", + "url": "http://cvs.cgiirc.org/chngview?cn=263" + }, + { + "name": "19922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19922" + }, + { + "name": "http://cvs.cgiirc.org/timeline?d=300&e=2006-Apr-30&c=2&px=&s=0&dm=1&x=1&m=1", + "refsource": "CONFIRM", + "url": 
"http://cvs.cgiirc.org/timeline?d=300&e=2006-Apr-30&c=2&px=&s=0&dm=1&x=1&m=1" + }, + { + "name": "17799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17799" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365680", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365680" + }, + { + "name": "DSA-1052", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1052" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2533.json b/2006/2xxx/CVE-2006-2533.json index ca7be2dba0a..5f617fd7505 100644 --- a/2006/2xxx/CVE-2006-2533.json +++ b/2006/2xxx/CVE-2006-2533.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060521 Destiney Rated Images Script v0.5.0 - XSS Vulnv", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434691/100/0/threaded" - }, - { - "name" : "20060526 Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435093/100/0/threaded" - }, - { - "name" : "18070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18070" - }, - { - "name" : "ADV-2006-1927", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1927" - }, - { - "name" : "20249", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20249" - }, - { - "name" : "940", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/940" - }, - { - "name" : "destineyris-multiple-xss(26605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060521 Destiney Rated Images Script v0.5.0 - XSS Vulnv", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434691/100/0/threaded" + }, + { + "name": "20249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20249" + }, + { + "name": "destineyris-multiple-xss(26605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26605" + }, + { + "name": "ADV-2006-1927", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1927" + }, + { + "name": "20060526 Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435093/100/0/threaded" + }, + { + "name": "18070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18070" + }, + { + "name": "940", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/940" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/2xxx/CVE-2006-2609.json b/2006/2xxx/CVE-2006-2609.json
index 8f6d4916436..6eb497ab031 100644
--- a/2006/2xxx/CVE-2006-2609.json
+++ b/2006/2xxx/CVE-2006-2609.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-1930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1930" - }, - { - "name" : "20204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1930" + }, + { + "name": "20204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20204" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2841.json b/2006/2xxx/CVE-2006-2841.json index 3de616368cc..fce9a401c9c 100644 --- a/2006/2xxx/CVE-2006-2841.json +++ b/2006/2xxx/CVE-2006-2841.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1858", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1858" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=577084", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=577084" - }, - { - "name" : "18220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18220" - }, - { - "name" : "ADV-2006-2107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2107" - }, - { - "name" : "26146", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26146" - }, - { - "name" : "26147", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/26147" - }, - { - "name" : "26148", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26148" - }, - { - "name" : "26149", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26149" - }, - { - "name" : "26150", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26150" - }, - { - "name" : "20426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20426" - }, - { - "name" : "associated-rootpath-file-include(26931)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26148", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26148" + }, + { + "name": "associated-rootpath-file-include(26931)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26931" + }, + { + "name": "20426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20426" + }, + { + "name": "1858", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1858" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=577084", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=577084" + }, + { + "name": "26147", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26147" + }, + { + "name": "26146", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26146" + }, + { + "name": "26149", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26149" + }, + { + "name": "ADV-2006-2107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2107" + }, + { + "name": "18220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18220" + }, + { + "name": "26150", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26150" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3424.json b/2006/3xxx/CVE-2006-3424.json index a4fbef2e5e2..09119d4e370 100644 --- a/2006/3xxx/CVE-2006-3424.json +++ b/2006/3xxx/CVE-2006-3424.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in WebEx Downloader ActiveX Control, possibly in versions before November 2005, allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060706 WebEx ActiveX Control DLL Injection", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/226" - }, - { - "name" : "ADV-2006-2688", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2688" - }, - { - "name" : "20956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20956" - }, - { - "name" : "webex-activex-multiple-bo(27786)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in WebEx Downloader ActiveX Control, possibly 
in versions before November 2005, allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2688", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2688" + }, + { + "name": "20956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20956" + }, + { + "name": "20060706 WebEx ActiveX Control DLL Injection", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/226" + }, + { + "name": "webex-activex-multiple-bo(27786)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27786" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3452.json b/2006/3xxx/CVE-2006-3452.json index a6ba108e6ce..dd343975107 100644 --- a/2006/3xxx/CVE-2006-3452.json +++ b/2006/3xxx/CVE-2006-3452.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb06-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb06-08.html" - }, - { - "name" : "18945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18945" - }, - { - "name" : "ADV-2006-2758", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2758" - }, - { - "name" : "27157", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27157" - }, - { - "name" : "1016473", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016473" - }, - { - "name" : "21016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21016" - }, - { - "name" : 
"acrobat-reader-insecure-permissions(27678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18945" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb06-08.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb06-08.html" + }, + { + "name": "acrobat-reader-insecure-permissions(27678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27678" + }, + { + "name": "ADV-2006-2758", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2758" + }, + { + "name": "27157", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27157" + }, + { + "name": "21016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21016" + }, + { + "name": "1016473", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016473" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3954.json b/2006/3xxx/CVE-2006-3954.json index e50b6ed6e3a..cabe9f9a7b5 100644 --- a/2006/3xxx/CVE-2006-3954.json +++ b/2006/3xxx/CVE-2006-3954.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441534/100/0/threaded" - }, - { - "name" : "19195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19195" - }, - { - "name" : "1319", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. 
(dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" + }, + { + "name": "1319", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1319" + }, + { + "name": "19195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19195" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6239.json b/2006/6xxx/CVE-2006-6239.json index 12a1a84c89c..d0fa62d8e0c 100644 --- a/2006/6xxx/CVE-2006-6239.json +++ b/2006/6xxx/CVE-2006-6239.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mailenable.com/hotfix/", - "refsource" : "CONFIRM", - "url" : "http://www.mailenable.com/hotfix/" - }, - { - "name" : "ADV-2006-4713", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4713" - }, - { - "name" : "1017287", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017287" - }, - { - "name" : "23105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4713", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4713" + }, + { + "name": "23105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23105" + }, + { + "name": "http://www.mailenable.com/hotfix/", + "refsource": "CONFIRM", + "url": "http://www.mailenable.com/hotfix/" + }, + { + "name": "1017287", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017287" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6319.json b/2006/6xxx/CVE-2006-6319.json index fb4e1d867c0..4380ee11142 100644 --- a/2006/6xxx/CVE-2006-6319.json +++ b/2006/6xxx/CVE-2006-6319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2006/6xxx/CVE-2006-6614.json b/2006/6xxx/CVE-2006-6614.json index 106fdc430a8..9f68e251396 100644 --- a/2006/6xxx/CVE-2006-6614.json +++ b/2006/6xxx/CVE-2006-6614.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402644", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402644" - }, - { - "name" : "21579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21579" - }, - { - "name" : "ADV-2006-4995", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4995" - }, - { - "name" : "23330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23330" - }, - { - "name" : "fai-log-file-info-disclosure(30892)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/30892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23330" + }, + { + "name": "fai-log-file-info-disclosure(30892)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30892" + }, + { + "name": "ADV-2006-4995", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4995" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402644", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402644" + }, + { + "name": "21579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21579" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7053.json b/2006/7xxx/CVE-2006-7053.json index dc0ff4cd534..34596d88643 100644 --- a/2006/7xxx/CVE-2006-7053.json +++ b/2006/7xxx/CVE-2006-7053.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are \"misinterpreted.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arkoon.fr/upload/alertes/32AK-2006-01-EN-1.0_EVASION_HTTP.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.arkoon.fr/upload/alertes/32AK-2006-01-EN-1.0_EVASION_HTTP.pdf" - }, - { - "name" : "ADV-2006-2216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2216" - }, - { - "name" : "20570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20570" - }, - { - "name" : "fast360-http-security-bypass(27003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are \"misinterpreted.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fast360-http-security-bypass(27003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27003" + }, + { + "name": "http://www.arkoon.fr/upload/alertes/32AK-2006-01-EN-1.0_EVASION_HTTP.pdf", + "refsource": "CONFIRM", + "url": "http://www.arkoon.fr/upload/alertes/32AK-2006-01-EN-1.0_EVASION_HTTP.pdf" + }, + { + "name": "ADV-2006-2216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2216" + }, + { + "name": "20570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20570" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7112.json b/2006/7xxx/CVE-2006-7112.json index 297ed572ae5..a5e2f28fd0d 100644 --- a/2006/7xxx/CVE-2006-7112.json +++ b/2006/7xxx/CVE-2006-7112.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2712", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2712" - }, - { - "name" : "20912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20912" - }, - { - "name" : "mdpro-pnsvlang-file-include(30026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and 
include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mdpro-pnsvlang-file-include(30026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30026" + }, + { + "name": "2712", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2712" + }, + { + "name": "20912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20912" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0229.json b/2011/0xxx/CVE-2011-0229.json index 5ad638a97b6..5dc2871e797 100644 --- a/2011/0xxx/CVE-2011-0229.json +++ b/2011/0xxx/CVE-2011-0229.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50091" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Type Services (ATS) in Apple 
Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50091" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0311.json b/2011/0xxx/CVE-2011-0311.json index 1da134ff265..82a1883fe76 100644 --- a/2011/0xxx/CVE-2011-0311.json +++ b/2011/0xxx/CVE-2011-0311.json 
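Review bot: The one semantic change in the CVE-2011-0229 hunk, `"ASSIGNER": "product-security@apple.com"` replacing `cve@mitre.org` in `CVE_data_meta`, is buried under a whitespace rewrite of every line and a reshuffle of `reference_data` (the same four entries in a different order). Anyone auditing record provenance cannot isolate it from the diff. Attribution changes like this are easier to verify when the formatting pass lands as its own commit and the serializer emits `reference_data` in a stable order. The new side also ends without a trailing newline (`\ No newline at end of file`). The visible part of the CVE-2011-1173 hunk shows the same pattern with `"ASSIGNER": "secalert@redhat.com"`.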
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IZ89602", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89602" - }, - { - "name" : "IZ89620", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89620" - }, - { - "name" : "PM42551", - "refsource" : "AIXAPAR", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=isg1PM42551" - }, - { - "name" : "RHSA-2011:1159", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1159.html" - }, - { - "name" : "RHSA-2011:1265", - "refsource" : 
"REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1265.html" - }, - { - "name" : "SUSE-SA:2011:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" - }, - { - "name" : "SUSE-SU-2011:0823", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" - }, - { - "name" : "ibm-rjt-classfile-dos(65189)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2011:0823", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" + }, + { + "name": "IZ89602", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89602" + }, + { + "name": "RHSA-2011:1159", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1159.html" + }, + { + "name": "ibm-rjt-classfile-dos(65189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65189" + }, + { + "name": "IZ89620", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89620" + }, + { + "name": "PM42551", + "refsource": "AIXAPAR", + "url": "https://www-304.ibm.com/support/docview.wss?uid=isg1PM42551" + }, + { + "name": "SUSE-SA:2011:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" + }, + { + "name": "RHSA-2011:1265", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1265.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0492.json b/2011/0xxx/CVE-2011-0492.json index 48c8e6d53e8..e92c42a3f9d 100644 --- a/2011/0xxx/CVE-2011-0492.json +++ b/2011/0xxx/CVE-2011-0492.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Jan-2011/msg00000.html" - }, - { - "name" : "http://blog.torproject.org/blog/tor-02129-released-security-patches", - "refsource" : "CONFIRM", - "url" : "http://blog.torproject.org/blog/tor-02129-released-security-patches" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/2326", - "refsource" : "CONFIRM", - 
"url" : "https://trac.torproject.org/projects/tor/ticket/2326" - }, - { - "name" : "45953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45953" - }, - { - "name" : "tor-blobs-dos(64867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Jan-2011/msg00000.html" + }, + { + "name": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog" + }, + { + "name": "http://blog.torproject.org/blog/tor-02129-released-security-patches", + "refsource": "CONFIRM", + "url": "http://blog.torproject.org/blog/tor-02129-released-security-patches" + }, + { + "name": "tor-blobs-dos(64867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64867" + }, + { + "name": "https://trac.torproject.org/projects/tor/ticket/2326", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/2326" + }, + { + "name": "45953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45953" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0772.json b/2011/0xxx/CVE-2011-0772.json index 613076323ce..21d30975bdb 100644 --- a/2011/0xxx/CVE-2011-0772.json +++ b/2011/0xxx/CVE-2011-0772.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110125 HTB22788: XSS in Pivotx", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515958/100/0/threaded" - }, - { - "name" : "20110125 HTB22790: XSS in Pivotx", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515964/100/0/threaded" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_in_pivotx.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_in_pivotx.html" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html" - }, - { - "name" : 
"http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released", - "refsource" : "CONFIRM", - "url" : "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released" - }, - { - "name" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3409", - "refsource" : "CONFIRM", - "url" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3409" - }, - { - "name" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410", - "refsource" : "CONFIRM", - "url" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410" - }, - { - "name" : "45996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45996" - }, - { - "name" : "70673", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70673" - }, - { - "name" : "70674", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70674" - }, - { - "name" : "43040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43040" - }, - { - "name" : "8062", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8062" - }, - { - "name" : "pivotx-blogroll-xss(64975)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70673", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70673" + }, + { + "name": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released", + "refsource": "CONFIRM", + "url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released" + }, + { + "name": "45996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45996" + }, + { + "name": "pivotx-blogroll-xss(64975)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975" + }, + { + "name": "43040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43040" + }, + { + "name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3409", + "refsource": "CONFIRM", + "url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3409" + }, + { + "name": "70674", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70674" + }, + { + "name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410", + "refsource": "CONFIRM", + "url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_in_pivotx.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html" + }, + { + "name": "20110125 HTB22790: XSS in Pivotx", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded" + }, + { + "name": "8062", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8062" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html" + }, + { + "name": "20110125 HTB22788: XSS in Pivotx", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/515958/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1173.json b/2011/1xxx/CVE-2011-1173.json index db2089f24ca..41578085e0b 100644 --- a/2011/1xxx/CVE-2011-1173.json +++ b/2011/1xxx/CVE-2011-1173.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netdev] 20110317 [PATCH] econet: 4 byte infoleak to the network", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=130036203528021&w=2" - }, - { - "name" : "[oss-security] 20110318 CVE request: kernel: netfilter & econet infoleaks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/18/15" - }, - { - "name" : "[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleaks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/21/4" - }, - { - "name" : "[oss-security] 20110321 Re: CVE request: kernel: netfilter & 
econet infoleaks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/21/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "8279", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[netdev] 20110317 [PATCH] econet: 4 byte infoleak to the network", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=130036203528021&w=2" + }, + { + "name": "[oss-security] 20110318 CVE request: kernel: netfilter & econet infoleaks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/18/15" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e" + }, + { + "name": "8279", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8279" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14" + }, + { + "name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleaks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/21/4" + }, + { + "name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleaks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/21/1" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1703.json b/2011/1xxx/CVE-2011-1703.json index 83d408b1c44..c10e64e3cfc 100644 --- a/2011/1xxx/CVE-2011-1703.json +++ b/2011/1xxx/CVE-2011-1703.json 
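Review bot: The `"ASSIGNER"` value in the CVE-2011-1173 hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and it is the only semantic change in a hunk that otherwise re-indents the record and reorders `reference_data`. A consumer that attributes or filters records by assigner will see a provenance change that is easy to miss in this much formatting noise, so the assigner update would be clearer as a separate change or called out explicitly in the commit message. The same applies to the CVE-2011-2823 and CVE-2011-3598 hunks, where `"ASSIGNER"` becomes `security@google.com` and `secalert@redhat.com`, and apparently to CVE-2011-3888, whose hunk continues past this view. The rewritten file also ends with `\ No newline at end of file`; keeping the final newline after the closing `}` would avoid a spurious diff the next time a tool rewrites the record.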
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110606 ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518271/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-176/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-176/" - }, - { - "name" : "http://download.novell.com/Download?buildid=6_bNby38ERg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=6_bNby38ERg~" - }, - { - "name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008727", - "refsource" : "CONFIRM", - "url" : 
"http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008727" - }, - { - "name" : "48124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48124" - }, - { - "name" : "1025606", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025606" - }, - { - "name" : "44811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44811" - }, - { - "name" : "novell-iprint-driverversion-bo(67878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025606" + }, + { + "name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008727", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008727" + }, + { + "name": "http://download.novell.com/Download?buildid=6_bNby38ERg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=6_bNby38ERg~" + }, + { + "name": "novell-iprint-driverversion-bo(67878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67878" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-176/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-176/" + }, + { + "name": "44811", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/44811" + }, + { + "name": "48124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48124" + }, + { + "name": "20110606 ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518271/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2823.json b/2011/2xxx/CVE-2011-2823.json index 975901ff56a..a2ea2e3c9bb 100644 --- a/2011/2xxx/CVE-2011-2823.json +++ b/2011/2xxx/CVE-2011-2823.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=82552", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=82552" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - 
"url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:13789", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13789", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13789" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=82552", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=82552" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3106.json b/2011/3xxx/CVE-2011-3106.json index 1b00c1c0335..52fb59b949e 100644 --- a/2011/3xxx/CVE-2011-3106.json +++ b/2011/3xxx/CVE-2011-3106.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=122654", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=122654" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html" - }, - { - "name" : "GLSA-201205-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-04.xml" - }, - { - "name" : "53679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53679" - }, - { - "name" : "82251", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/82251" - }, - { - "name" : "oval:org.mitre.oval:def:15470", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15470" - }, - { - "name" : "1027098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027098" - }, - { - "name" : "49277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49277" - }, - { - "name" : "49306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201205-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-04.xml" + }, + { + "name": "53679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53679" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=122654", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=122654" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html" + }, + { + "name": "82251", + "refsource": "OSVDB", + "url": "http://osvdb.org/82251" + }, + { + "name": "1027098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027098" + }, + { + "name": "49306", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/49306" + }, + { + "name": "oval:org.mitre.oval:def:15470", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15470" + }, + { + "name": "49277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49277" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3598.json b/2011/3xxx/CVE-2011-3598.json index bc136b81035..10bc8f97255 100644 --- a/2011/3xxx/CVE-2011-3598.json +++ b/2011/3xxx/CVE-2011-3598.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/04/1" - }, - { - "name" : "[oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/04/10" - }, - { - "name" : "[phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news" - }, - { - "name" : 
"http://freshmeat.net/projects/phppgadmin/releases/336969", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/phppgadmin/releases/336969" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=385505", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=385505" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=743205", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=743205" - }, - { - "name" : "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842", - "refsource" : "CONFIRM", - "url" : "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842" - }, - { - "name" : "FEDORA-2011-13748", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html" - }, - { - "name" : "FEDORA-2011-13801", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html" - }, - { - "name" : "FEDORA-2011-13805", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html" - }, - { - "name" : "openSUSE-SU-2012:0493", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html" - }, - { - "name" : "49914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49914" - }, - { - "name" : "75997", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75997" - }, - { - "name" : "75998", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75998" - }, - { - "name" : "46248", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46248" - }, - { - "name" : "46426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-13805", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html" + }, + { + "name": "46426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46426" + }, + { + "name": "[phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news" + }, + { + "name": "openSUSE-SU-2012:0493", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html" + }, + { + "name": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842", + "refsource": "CONFIRM", + "url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=385505", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=385505" + }, + { + "name": "46248", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46248" + }, + { + "name": "75998", + "refsource": "OSVDB", + "url": "http://osvdb.org/75998" + }, + { + "name": "FEDORA-2011-13801", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html" + }, + { + "name": "[oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2011/10/04/10" + }, + { + "name": "http://freshmeat.net/projects/phppgadmin/releases/336969", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/phppgadmin/releases/336969" + }, + { + "name": "[oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/04/1" + }, + { + "name": "49914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49914" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=743205", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205" + }, + { + "name": "75997", + "refsource": "OSVDB", + "url": "http://osvdb.org/75997" + }, + { + "name": "FEDORA-2011-13748", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3771.json b/2011/3xxx/CVE-2011-3771.json index 63cd2264c97..52301dd02c9 100644 --- a/2011/3xxx/CVE-2011-3771.json +++ b/2011/3xxx/CVE-2011-3771.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpBook-2.1.0", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpBook-2.1.0" - }, - { - "name" : "phpbook-updatesmilies-path-disclosure(70601)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbook-updatesmilies-path-disclosure(70601)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70601" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpBook-2.1.0", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpBook-2.1.0" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3888.json b/2011/3xxx/CVE-2011-3888.json index c15d5c84298..e87cc0d5442 100644 --- a/2011/3xxx/CVE-2011-3888.json +++ b/2011/3xxx/CVE-2011-3888.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=99138", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=99138" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" - }, - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:13107", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13107" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "google-chrome-editing-code-exec(70966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70966" - }, - { - "name" : "apple-webkit-cve20113888-code-execution(73805)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-editing-code-exec(70966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70966" + }, + { + "name": "apple-webkit-cve20113888-code-execution(73805)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73805" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "oval:org.mitre.oval:def:13107", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13107" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=99138", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=99138" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file 
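Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `security@google.com` at the top of this hunk, but it sits inside what is otherwise a whitespace and reference-order rewrite, so the one semantic change is easy to miss in review. Consumers that use `ASSIGNER` to attribute a record to its CNA will see a provenance change, while `vendor_name`, `product_name` and `version_value` on the new side still read `n/a`. It would help to land the assigner corrections separately from the reformat, or at least to list them in the commit description. The same pattern appears in the hunks for CVE-2011-4534 and CVE-2014-6932 (`cert@cert.org`), CVE-2013-5177 and CVE-2013-5197 (`product-security@apple.com`) and CVE-2013-5557 (`psirt@cisco.com`).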
diff --git a/2011/4xxx/CVE-2011-4534.json b/2011/4xxx/CVE-2011-4534.json index 8f2b3624991..4c09a6e9425 100644 --- a/2011/4xxx/CVE-2011-4534.json +++ b/2011/4xxx/CVE-2011-4534.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-013-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-013-01.pdf" - }, - { - "name" : "47892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZenSysSrv.exe in Ing. 
Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-013-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-013-01.pdf" + }, + { + "name": "47892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47892" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4760.json b/2011/4xxx/CVE-2011-4760.json index c3d76365ea9..f8bbcaff2de 100644 --- a/2011/4xxx/CVE-2011-4760.json +++ b/2011/4xxx/CVE-2011-4760.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html" - }, - { - "name" : "ppsbp-lad-info-disc(72212)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the 
local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ppsbp-lad-info-disc(72212)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72212" + }, + { + "name": "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4844.json b/2011/4xxx/CVE-2011-4844.json index 7054997ff0f..e7366af1479 100644 --- a/2011/4xxx/CVE-2011-4844.json +++ b/2011/4xxx/CVE-2011-4844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2011/4xxx/CVE-2011-4893.json b/2011/4xxx/CVE-2011-4893.json
index b82129d3f76..ed0ea87bec9 100644
--- a/2011/4xxx/CVE-2011-4893.json
+++ b/2011/4xxx/CVE-2011-4893.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-4893",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2011-4893",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/5xxx/CVE-2013-5177.json b/2013/5xxx/CVE-2013-5177.json
index 3fa3ce4e036..8a9441d6a3f 100644
--- a/2013/5xxx/CVE-2013-5177.json
+++ b/2013/5xxx/CVE-2013-5177.json
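Review bot: The new side of the CVE-2011-4893 record serializes its top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta` and puts `ID` before `ASSIGNER`, whereas the other records rewritten in this diff keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two layouts coming out of one formatting pass mean later regenerations keep producing whole-file diffs, and any consumer that hashes or diffs the raw files sees a change where the data is the same. Emitting the keys in one fixed order, as the neighbouring records appear to do, would keep this stable; the CVE-2013-5689 hunk has the same layout. The rewritten files visible here also end with `\ No newline at end of file`, so the serializer should restore the trailing newline.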
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-10-22-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5197.json b/2013/5xxx/CVE-2013-5197.json index 2514f4a11a9..a6e1f61911c 100644 --- a/2013/5xxx/CVE-2013-5197.json +++ b/2013/5xxx/CVE-2013-5197.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6162", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6162" - }, - { - "name" : "http://support.apple.com/kb/HT6163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6163" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2013-12-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0087.html" - }, - { - "name" : "APPLE-SA-2013-12-16-2", - "refsource" : "APPLE", - "url" : 
"http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-12-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0087.html" + }, + { + "name": "http://support.apple.com/kb/HT6163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6163" + }, + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "http://support.apple.com/kb/HT6162", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6162" + }, + { + "name": "APPLE-SA-2013-12-16-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5557.json b/2013/5xxx/CVE-2013-5557.json index a4ca8820daf..b123f7343e5 100644 --- a/2013/5xxx/CVE-2013-5557.json +++ b/2013/5xxx/CVE-2013-5557.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37383", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37383" - }, - { - "name" : "20150206 Cisco Adaptive Security Appliance WebVPN Content Rewriter Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5557" - }, - { - "name" : "72529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72529" - }, - { - "name" : "cisco-asa-cve20135557-dos(100694)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/100694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72529" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37383", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37383" + }, + { + "name": "20150206 Cisco Adaptive Security Appliance WebVPN Content Rewriter Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5557" + }, + { + "name": "cisco-asa-cve20135557-dos(100694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100694" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5636.json b/2013/5xxx/CVE-2013-5636.json index 34997658c56..e324c776953 100644 --- a/2013/5xxx/CVE-2013-5636.json +++ b/2013/5xxx/CVE-2013-5636.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt", - "refsource" : "MISC", - "url" : "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt" - }, - { - "name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589", - "refsource" : "CONFIRM", - "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt", + "refsource": "MISC", + "url": "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt" + }, + { + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589", + "refsource": "CONFIRM", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5689.json b/2013/5xxx/CVE-2013-5689.json index 39782c5f882..ae515e49a93 100644 --- a/2013/5xxx/CVE-2013-5689.json +++ b/2013/5xxx/CVE-2013-5689.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-5689",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5688. Reason: This issue has been MERGED with CVE-2013-5688 in accordance with CVE content decisions, because it is the same type of vulnerability affecting the same versions. Notes: All CVE users should reference CVE-2013-5688 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-5689",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5688. Reason: This issue has been MERGED with CVE-2013-5688 in accordance with CVE content decisions, because it is the same type of vulnerability affecting the same versions. Notes: All CVE users should reference CVE-2013-5688 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/2xxx/CVE-2014-2930.json b/2014/2xxx/CVE-2014-2930.json
index 6f85a045c7c..27711195e92 100644
--- a/2014/2xxx/CVE-2014-2930.json
+++ b/2014/2xxx/CVE-2014-2930.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-2930",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-2930",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/6xxx/CVE-2014-6316.json b/2014/6xxx/CVE-2014-6316.json
index 063aa520d4f..92a03c93d10 100644
--- a/2014/6xxx/CVE-2014-6316.json
+++ b/2014/6xxx/CVE-2014-6316.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141202 CVE-2014-6316: URL redirection issue in MantisBT", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/03/11" - }, - { - "name" : "[oss-security] 20141205 RE: CVE-2014-6316: URL redirection issue in MantisBT", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/931" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/e66ecc9f", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/e66ecc9f" - }, - { - "name" : "https://www.mantisbt.org/bugs/view.php?id=17648", - "refsource" : "CONFIRM", - "url" : "https://www.mantisbt.org/bugs/view.php?id=17648" - }, - 
{ - "name" : "DSA-3120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3120" - }, - { - "name" : "71478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71478" - }, - { - "name" : "62101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62101" - }, - { - "name" : "mantisbt-cve20146316-open-redirect(99128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mantisbt.org/bugs/view.php?id=17648", + "refsource": "CONFIRM", + "url": "https://www.mantisbt.org/bugs/view.php?id=17648" + }, + { + "name": "mantisbt-cve20146316-open-redirect(99128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128" + }, + { + "name": "71478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71478" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/e66ecc9f", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/e66ecc9f" + }, + { + "name": "[oss-security] 20141205 RE: CVE-2014-6316: URL redirection issue in MantisBT", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/931" + }, + { + "name": "[oss-security] 20141202 CVE-2014-6316: URL redirection issue in MantisBT", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2014/12/03/11" + }, + { + "name": "62101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62101" + }, + { + "name": "DSA-3120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3120" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6932.json b/2014/6xxx/CVE-2014-6932.json index cf86b9432ca..5f4564f989f 100644 --- a/2014/6xxx/CVE-2014-6932.json +++ b/2014/6xxx/CVE-2014-6932.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The All Navalny (aka com.all.navalny) application 1.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#655625", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/655625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The All Navalny (aka com.all.navalny) application 1.10 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#655625", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/655625" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7735.json b/2014/7xxx/CVE-2014-7735.json index b5087e2bd12..d07d03795f2 100644 --- a/2014/7xxx/CVE-2014-7735.json +++ b/2014/7xxx/CVE-2014-7735.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#871665", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/871665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dr. 
Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#871665", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/871665" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0273.json b/2017/0xxx/CVE-2017-0273.json index 3ce9dbf44fb..00bfaeee590 100644 --- a/2017/0xxx/CVE-2017-0273.json +++ b/2017/0xxx/CVE-2017-0273.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Block Message 1.0", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Block Message 1.0", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0273", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0273" - }, - { - "name" : "98274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98274" - }, - { - "name" : "1038433", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98274" + }, + { + "name": "1038433", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038433" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0273", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0273" + } + ] + } +} \ No newline at end of file 
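Review bot: The `product_name` on the new side still reads `Server Block Message 1.0`, while the description in the same record names the component Server Message Block 1.0 (SMBv1); the reformat carries the transposed words over unchanged. Tooling that matches affected products by name will not associate this record with SMBv1. I would correct the line to `"product_name": "Server Message Block 1.0"`. The `version_value` is also a single free-text sentence listing every affected Windows release, which cannot be compared programmatically; one `version_data` entry per release would be easier to consume.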
diff --git a/2017/0xxx/CVE-2017-0363.json b/2017/0xxx/CVE-2017-0363.json index b086ee051dc..3d2b78cf08b 100644 --- a/2017/0xxx/CVE-2017-0363.json +++ b/2017/0xxx/CVE-2017-0363.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", - "ID" : "CVE-2017-0363", - "STATE" : "PUBLIC", - "TITLE" : "Special:UserLogin?returnto=interwiki:foo will redirect to external sites" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mediawiki", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "mediawiki" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "redirection to other external sites" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", + "ID": "CVE-2017-0363", + "STATE": "PUBLIC", + "TITLE": "Special:UserLogin?returnto=interwiki:foo will redirect to external sites" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mediawiki", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "mediawiki" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" - }, - { - "name" : "https://phabricator.wikimedia.org/T109140", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T109140" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0363", - "refsource" : "CONFIRM", - "url" : 
"https://security-tracker.debian.org/tracker/CVE-2017-0363" - } - ] - }, - "source" : { - "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "redirection to other external sites" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + }, + { + "name": "https://phabricator.wikimedia.org/T109140", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T109140" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-0363", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-0363" + } + ] + }, + "source": { + "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0427.json b/2017/0xxx/CVE-2017-0427.json index baf5dbb5a90..4354f5ee579 100644 --- a/2017/0xxx/CVE-2017-0427.json +++ b/2017/0xxx/CVE-2017-0427.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96071" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96071" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0786.json b/2017/0xxx/CVE-2017-0786.json index 0cabef82434..a7a2a42c689 100644 --- a/2017/0xxx/CVE-2017-0786.json +++ b/2017/0xxx/CVE-2017-0786.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100655" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0901.json b/2017/0xxx/CVE-2017-0901.json index f95f933d282..f70f11a2ec6 100644 --- a/2017/0xxx/CVE-2017-0901.json +++ b/2017/0xxx/CVE-2017-0901.json 
@@ -1,133 +1,133 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2017-08-27T00:00:00", - "ID" : "CVE-2017-0901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RubyGems", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 2.6.13" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'Ûª) (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2017-08-27T00:00:00", + "ID": "CVE-2017-0901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RubyGems", + "version": { + "version_data": [ + { + "version_value": "Versions before 2.6.13" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42611", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42611/" - }, - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" - }, - { - "name" : "http://blog.rubygems.org/2017/08/27/2.6.13-released.html", - "refsource" : "MISC", - "url" : "http://blog.rubygems.org/2017/08/27/2.6.13-released.html" - }, - { - "name" : 
"https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2", - "refsource" : "MISC", - "url" : "https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2" - }, - { - "name" : "https://hackerone.com/reports/243156", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/243156" - }, - { - "name" : "DSA-3966", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3966" - }, - { - "name" : "GLSA-201710-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-01" - }, - { - "name" : "RHSA-2017:3485", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3485" - }, - { - "name" : "RHSA-2018:0378", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0378" - }, - { - "name" : "RHSA-2018:0583", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0583" - }, - { - "name" : "RHSA-2018:0585", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0585" - }, - { - "name" : "USN-3553-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3553-1/" - }, - { - "name" : "USN-3685-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3685-1/" - }, - { - "name" : "100580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100580" - }, - { - "name" : "1039249", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'Ûª) (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3685-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3685-1/" + }, + { + "name": "USN-3553-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3553-1/" + }, + { + "name": "RHSA-2018:0585", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0585" + }, + { + "name": "DSA-3966", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3966" + }, + { + "name": "RHSA-2018:0378", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0378" + }, + { + "name": "42611", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42611/" + }, + { + "name": "1039249", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039249" + }, + { + "name": "https://hackerone.com/reports/243156", + "refsource": "MISC", + "url": "https://hackerone.com/reports/243156" + }, + { + "name": "RHSA-2017:3485", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3485" + }, + { + "name": "https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2", + "refsource": "MISC", + "url": "https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" + }, + { + "name": "RHSA-2018:0583", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0583" + }, + { + "name": "GLSA-201710-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-01" + }, + { + "name": "100580", + "refsource": 
"BID", + "url": "http://www.securityfocus.com/bid/100580" + }, + { + "name": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html", + "refsource": "MISC", + "url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000068.json b/2017/1000xxx/CVE-2017-1000068.json index 597f77ff870..fc38a53d610 100644 --- a/2017/1000xxx/CVE-2017-1000068.json +++ b/2017/1000xxx/CVE-2017-1000068.json 
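Review bot: The `problemtype` value on the new side keeps the mis-encoded characters `Ûª` after `'Path Traversal'`, so the string no longer equals the CWE-22 weakness name and an exact-match lookup on the title fails. The line should read `"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)"`. Separately, `vendor_name` is `HackerOne` for the product `RubyGems`; HackerOne appears to be the assigner (`support@hackerone.com`) rather than the vendor, which is worth confirming before the record is relied on for vendor matching.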
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.319123", - "ID" : "CVE-2017-1000068", - "REQUESTER" : "john@betterment.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TestTrack Server", - "version" : { - "version_data" : [ - { - "version_value" : "1.0 and older" - } - ] - } - } - ] - }, - "vendor_name" : "TestTrack" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.319123", + "ID": "CVE-2017-1000068", + "REQUESTER": "john@betterment.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Betterment/test_track/releases/tag/v1.0.1", - "refsource" : "MISC", - "url" : "https://github.com/Betterment/test_track/releases/tag/v1.0.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split 
disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Betterment/test_track/releases/tag/v1.0.1", + "refsource": "MISC", + "url": "https://github.com/Betterment/test_track/releases/tag/v1.0.1" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000102.json b/2017/1000xxx/CVE-2017-1000102.json index db09a605c40..380dbd4db53 100644 --- a/2017/1000xxx/CVE-2017-1000102.json +++ b/2017/1000xxx/CVE-2017-1000102.json 
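Review bot: The new side replaces the populated `affects` data (`product_name` `TestTrack Server`, `version_value` `1.0 and older`, `vendor_name` `TestTrack`) and the `problemtype` `Incorrect Access Control` with `n/a`, leaving the free-text description as the only place that names the product and the affected versions. Consumers that match on the structured fields lose this record. The same replacement happens in the CVE-2017-1000102 and CVE-2017-1000214 hunks, where `XSS` and `OS Command Injection` also become `n/a`. If the reset is only a side effect of changing `ASSIGNER` to `cve@mitre.org`, I would keep the earlier values, e.g. `"product_name": "TestTrack Server"` and `"value": "Incorrect Access Control"`.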
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.317430", - "ID" : "CVE-2017-1000102", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Static Analysis Utilities Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.91 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Static Analysis Utilities Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.317430", + "ID": "CVE-2017-1000102", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-08-07/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-08-07/" - }, - { - "name" : "101061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-08-07/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-08-07/" + }, + { + "name": "101061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101061" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000214.json b/2017/1000xxx/CVE-2017-1000214.json index dd2d9323d84..984dd19fa18 100644 
--- a/2017/1000xxx/CVE-2017-1000214.json
+++ b/2017/1000xxx/CVE-2017-1000214.json
@@ -1,69 +1,69 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
- "DATE_ASSIGNED" : "2017-08-22T17:29:33.443258",
- "ID" : "CVE-2017-1000214",
- "REQUESTER" : "thomas.gerbet@enalean.com",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "GitPHP",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2.9.1 and older"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "xiphux"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "GitPHP by xiphux is vulnerable to OS Command Injections"
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "OS Command Injection"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "DATE_ASSIGNED": "2017-08-22T17:29:33.443258",
+ "ID": "CVE-2017-1000214",
+ "REQUESTER": "thomas.gerbet@enalean.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/Enalean/gitphp/commit/160621785ee812d6d90e20878bd6175e42c13c94",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/Enalean/gitphp/commit/160621785ee812d6d90e20878bd6175e42c13c94"
- },
- {
- "name" : "https://github.com/xiphux/gitphp/pull/37",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/xiphux/gitphp/pull/37"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "GitPHP by xiphux is vulnerable to OS Command Injections"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/xiphux/gitphp/pull/37",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/xiphux/gitphp/pull/37"
+ },
+ {
+ "name": "https://github.com/Enalean/gitphp/commit/160621785ee812d6d90e20878bd6175e42c13c94",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/Enalean/gitphp/commit/160621785ee812d6d90e20878bd6175e42c13c94"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/18xxx/CVE-2017-18004.json b/2017/18xxx/CVE-2017-18004.json
index 991983adafc..f1e376161c3 100644
--- a/2017/18xxx/CVE-2017-18004.json
+++ b/2017/18xxx/CVE-2017-18004.json
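Review bot: Structured data is lost in the CVE-2017-1000214 hunk: the new side sets product, vendor, version and problemtype to `"n/a"` although the old side had real values and the description still names GitPHP by xiphux. Consumers that match records on `affects` or `problemtype` rather than on free text would no longer find this entry, so I would keep `"product_name": "GitPHP"`, `"vendor_name": "xiphux"` and `"version_value": "2.9.1 and older"`, and likewise keep the problemtype value `"OS Command Injection"`. The `ASSIGNER` also changes from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`; if that is a deliberate reassignment rather than a side effect of the reformat, the commit message should say so. The partially visible CVE-2017-1000102 hunk above appears to show the same pattern, with the problemtype `"XSS"` becoming `"n/a"`.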
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bitbucket.org/zurmo/zurmo/issues/436/to-report-a-xss-security-vulnerability-in", - "refsource" : "MISC", - "url" : "https://bitbucket.org/zurmo/zurmo/issues/436/to-report-a-xss-security-vulnerability-in" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bitbucket.org/zurmo/zurmo/issues/436/to-report-a-xss-security-vulnerability-in", + "refsource": "MISC", + "url": "https://bitbucket.org/zurmo/zurmo/issues/436/to-report-a-xss-security-vulnerability-in" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18155.json b/2017/18xxx/CVE-2017-18155.json index 0f119a8bf5c..25f2d2b83cd 100644 --- a/2017/18xxx/CVE-2017-18155.json +++ b/2017/18xxx/CVE-2017-18155.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-04T00:00:00", - "ID" : "CVE-2017-18155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Unitialized Variable in Video" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-04T00:00:00", + "ID": "CVE-2017-18155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Unitialized Variable in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1012.json b/2017/1xxx/CVE-2017-1012.json index dc5bda740f6..081d3d58b55 100644 --- a/2017/1xxx/CVE-2017-1012.json +++ b/2017/1xxx/CVE-2017-1012.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1012",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1012",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1077.json b/2017/1xxx/CVE-2017-1077.json
index d16fb5d0a39..894be234f05 100644
--- a/2017/1xxx/CVE-2017-1077.json
+++ b/2017/1xxx/CVE-2017-1077.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1077",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1077",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1096.json b/2017/1xxx/CVE-2017-1096.json
index 95b3a3f9ffb..3897c71958a 100644
--- a/2017/1xxx/CVE-2017-1096.json
+++ b/2017/1xxx/CVE-2017-1096.json
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2017-1096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2017-1096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120656", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120656" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001007", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001007" - }, - { - "name" : "99353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120656", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120656" + }, + { + "name": "99353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99353" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22001007", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22001007" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1584.json b/2017/1xxx/CVE-2017-1584.json index ec84301ee77..55bb65cade7 100644 --- a/2017/1xxx/CVE-2017-1584.json +++ b/2017/1xxx/CVE-2017-1584.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1584", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1584", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/1xxx/CVE-2017-1698.json b/2017/1xxx/CVE-2017-1698.json index 419b030abec..6419773537e 100644 --- a/2017/1xxx/CVE-2017-1698.json +++ b/2017/1xxx/CVE-2017-1698.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-21T00:00:00", - "ID" : "CVE-2017-1698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Portal", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-21T00:00:00", + "ID": "CVE-2017-1698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Portal", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22011519", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011519" - }, - { - "name" : "102281", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/102281" - }, - { - "name" : "1040043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22011519", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22011519" + }, + { + "name": "102281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102281" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390" + }, + { + "name": "1040043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040043" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1703.json b/2017/1xxx/CVE-2017-1703.json index 11c7a7381a6..baf7f0c93f8 100644 --- a/2017/1xxx/CVE-2017-1703.json +++ b/2017/1xxx/CVE-2017-1703.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1703",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1703",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4476.json b/2017/4xxx/CVE-2017-4476.json
index 23622efa7d5..4eeed022ce3 100644
--- a/2017/4xxx/CVE-2017-4476.json
+++ b/2017/4xxx/CVE-2017-4476.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4476",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4476",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4738.json b/2017/4xxx/CVE-2017-4738.json
index eebba13192c..249df6f4ed6 100644
--- a/2017/4xxx/CVE-2017-4738.json
+++ b/2017/4xxx/CVE-2017-4738.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4738",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4738",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5225.json b/2017/5xxx/CVE-2017-5225.json
index b5447b23839..22c67ab26d9 100644
--- a/2017/5xxx/CVE-2017-5225.json
+++ b/2017/5xxx/CVE-2017-5225.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2656", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2656" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2657", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2657" - }, - { - "name" : "https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7", - "refsource" : "CONFIRM", - "url" : "https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7" - }, - { - "name" : "DSA-3844", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3844" - }, - { - "name" : "GLSA-201709-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-27" - }, - { - "name" 
: "95413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95413" - }, - { - "name" : "1037911", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3844", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3844" + }, + { + "name": "GLSA-201709-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-27" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2656", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2656" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2657", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2657" + }, + { + "name": "1037911", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037911" + }, + { + "name": "95413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95413" + }, + { + "name": "https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7", + "refsource": "CONFIRM", + "url": "https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5293.json b/2017/5xxx/CVE-2017-5293.json index 1c0c7e44059..66c19f4fc9b 100644 --- a/2017/5xxx/CVE-2017-5293.json +++ b/2017/5xxx/CVE-2017-5293.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5293",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5293",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file