From e9538fac23bce8fb5f52744dbf23927b0456c414 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:54:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/3xxx/CVE-2006-3138.json | 190 ++++++++++++------------ 2006/3xxx/CVE-2006-3359.json | 160 ++++++++++----------- 2006/3xxx/CVE-2006-3759.json | 160 ++++++++++----------- 2006/4xxx/CVE-2006-4224.json | 140 +++++++++--------- 2006/4xxx/CVE-2006-4774.json | 220 ++++++++++++++-------------- 2006/4xxx/CVE-2006-4787.json | 160 ++++++++++----------- 2006/6xxx/CVE-2006-6293.json | 240 +++++++++++++++---------------- 2006/6xxx/CVE-2006-6605.json | 190 ++++++++++++------------ 2006/6xxx/CVE-2006-6624.json | 180 +++++++++++------------ 2006/6xxx/CVE-2006-6875.json | 140 +++++++++--------- 2006/6xxx/CVE-2006-6973.json | 120 ++++++++-------- 2006/7xxx/CVE-2006-7068.json | 140 +++++++++--------- 2010/2xxx/CVE-2010-2041.json | 180 +++++++++++------------ 2010/2xxx/CVE-2010-2343.json | 200 +++++++++++++------------- 2010/2xxx/CVE-2010-2618.json | 160 ++++++++++----------- 2010/2xxx/CVE-2010-2773.json | 34 ++--- 2011/0xxx/CVE-2011-0093.json | 190 ++++++++++++------------ 2011/0xxx/CVE-2011-0150.json | 180 +++++++++++------------ 2011/0xxx/CVE-2011-0431.json | 180 +++++++++++------------ 2011/0xxx/CVE-2011-0501.json | 130 ++++++++--------- 2011/0xxx/CVE-2011-0732.json | 130 ++++++++--------- 2011/1xxx/CVE-2011-1037.json | 34 ++--- 2011/1xxx/CVE-2011-1069.json | 34 ++--- 2011/1xxx/CVE-2011-1557.json | 120 ++++++++-------- 2011/1xxx/CVE-2011-1683.json | 200 +++++++++++++------------- 2011/1xxx/CVE-2011-1749.json | 160 ++++++++++----------- 2011/4xxx/CVE-2011-4427.json | 34 ++--- 2011/4xxx/CVE-2011-4594.json | 160 ++++++++++----------- 2011/4xxx/CVE-2011-4596.json | 160 ++++++++++----------- 2011/4xxx/CVE-2011-4881.json | 120 ++++++++-------- 2011/5xxx/CVE-2011-5222.json | 160 ++++++++++----------- 2014/123xxx/CVE-2014-123456.json | 34 ++--- 2014/2xxx/CVE-2014-2598.json | 200 +++++++++++++------------- 2014/2xxx/CVE-2014-2703.json | 34 ++--- 2014/2xxx/CVE-2014-2919.json | 34 ++--- 2014/2xxx/CVE-2014-2929.json | 34 ++--- 2014/3xxx/CVE-2014-3245.json | 34 ++--- 2014/3xxx/CVE-2014-3264.json | 130 ++++++++--------- 2014/3xxx/CVE-2014-3759.json | 150 +++++++++---------- 2014/3xxx/CVE-2014-3996.json | 170 +++++++++++----------- 2014/6xxx/CVE-2014-6128.json | 34 ++--- 2014/6xxx/CVE-2014-6408.json | 170 +++++++++++----------- 2014/7xxx/CVE-2014-7167.json | 34 ++--- 2014/7xxx/CVE-2014-7470.json | 140 +++++++++--------- 2014/7xxx/CVE-2014-7707.json | 140 +++++++++--------- 2014/7xxx/CVE-2014-7969.json | 34 ++--- 2016/2xxx/CVE-2016-2237.json | 34 ++--- 2017/0xxx/CVE-2017-0209.json | 34 ++--- 2017/0xxx/CVE-2017-0330.json | 140 +++++++++--------- 2017/0xxx/CVE-2017-0880.json | 144 +++++++++---------- 2017/18xxx/CVE-2017-18188.json | 120 ++++++++-------- 2017/18xxx/CVE-2017-18249.json | 145 ++++++++++--------- 2017/1xxx/CVE-2017-1031.json | 34 ++--- 2017/1xxx/CVE-2017-1581.json | 34 ++--- 2017/1xxx/CVE-2017-1634.json | 34 ++--- 2017/1xxx/CVE-2017-1720.json | 198 ++++++++++++------------- 2017/1xxx/CVE-2017-1783.json | 194 ++++++++++++------------- 2017/1xxx/CVE-2017-1975.json | 34 ++--- 2017/5xxx/CVE-2017-5169.json | 130 ++++++++--------- 2017/5xxx/CVE-2017-5526.json | 160 ++++++++++----------- 2017/5xxx/CVE-2017-5600.json | 130 ++++++++--------- 2017/5xxx/CVE-2017-5783.json | 122 ++++++++-------- 62 files changed, 3835 insertions(+), 3830 deletions(-) diff --git a/2006/3xxx/CVE-2006-3138.json b/2006/3xxx/CVE-2006-3138.json index 1d1fc222b00..a747288aadc 100644 --- a/2006/3xxx/CVE-2006-3138.json +++ b/2006/3xxx/CVE-2006-3138.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/phpmydirectory-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/phpmydirectory-xss-vuln.html" - }, - { - "name" : "18539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18539" - }, - { - "name" : "ADV-2006-2427", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2427" - }, - { - "name" : "26669", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26669" - }, - { - "name" : "26670", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26670" - }, - { - "name" : "26671", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26671" - }, - { - "name" : "20718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20718" - }, - { - "name" : "phpmydirectory-multiple-scripts-xss(27211)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26671", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26671" + }, + { + "name": "ADV-2006-2427", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2427" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/phpmydirectory-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/phpmydirectory-xss-vuln.html" + }, + { + "name": "phpmydirectory-multiple-scripts-xss(27211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27211" + }, + { + "name": "18539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18539" + }, + { + "name": "26669", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26669" + }, + { + "name": "26670", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26670" + }, + { + "name": "20718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20718" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3359.json b/2006/3xxx/CVE-2006-3359.json index ce34d460e23..c4aac04f5d5 100644 --- a/2006/3xxx/CVE-2006-3359.json +++ b/2006/3xxx/CVE-2006-3359.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060629 NewsPHP 2006 PRO XSS SQL injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438858/100/0/threaded" - }, - { - "name" : "18726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18726" - }, - { - "name" : "26978", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26978" - }, - { - "name" : "1188", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1188" - }, - { - "name" : "newsphp-rssfeed-sql-injection(27509)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "newsphp-rssfeed-sql-injection(27509)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27509" + }, + { + "name": "18726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18726" + }, + { + "name": "1188", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1188" + }, + { + "name": "20060629 NewsPHP 2006 PRO XSS SQL injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438858/100/0/threaded" + }, + { + "name": "26978", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26978" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3759.json b/2006/3xxx/CVE-2006-3759.json index ccf177c86c6..a2231dadc39 100644 --- a/2006/3xxx/CVE-2006-3759.json +++ b/2006/3xxx/CVE-2006-3759.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to \"user group manipulation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://community.mybboard.net/showthread.php?tid=10115", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/showthread.php?tid=10115" - }, - { - "name" : "http://www.mybboard.com/archive.php?nid=15", - "refsource" : "CONFIRM", - "url" : "http://www.mybboard.com/archive.php?nid=15" - }, - { - "name" : "26810", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26810" - }, - { - "name" : "20873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20873" - }, - { - "name" : "mybb-user-groups-unspecified(27446)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to \"user group manipulation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybb-user-groups-unspecified(27446)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27446" + }, + { + "name": "http://community.mybboard.net/showthread.php?tid=10115", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=10115" + }, + { + "name": "http://www.mybboard.com/archive.php?nid=15", + "refsource": "CONFIRM", + "url": "http://www.mybboard.com/archive.php?nid=15" + }, + { + "name": "26810", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26810" + }, + { + "name": "20873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20873" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4224.json b/2006/4xxx/CVE-2006-4224.json index d26c949c03a..157fba7b829 100644 --- a/2006/4xxx/CVE-2006-4224.json +++ b/2006/4xxx/CVE-2006-4224.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 Virtual War v1.5.0 SQL injection and XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443171/100/0/threaded" - }, - { - "name" : "1413", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1413" - }, - { - "name" : "virtualwar-calendar-xss(28552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060814 Virtual War v1.5.0 SQL injection and XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443171/100/0/threaded" + }, + { + "name": "virtualwar-calendar-xss(28552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28552" + }, + { + "name": "1413", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1413" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4774.json b/2006/4xxx/CVE-2006-4774.json index 2e7c5cd4707..c65c22b60df 100644 --- a/2006/4xxx/CVE-2006-4774.json +++ b/2006/4xxx/CVE-2006-4774.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060913 Cisco IOS VTP issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445896/100/0/threaded" - }, - { - "name" : "20060913 Re: Cisco IOS VTP issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445938/100/0/threaded" - }, - { - "name" : "http://www.phenoelit.de/stuff/CiscoVTP.txt", - "refsource" : "MISC", - "url" : "http://www.phenoelit.de/stuff/CiscoVTP.txt" - }, - { - "name" : "20060913 Cisco VLAN Trunking Protocol Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml" - }, - { - "name" : "VU#821420", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/821420" - }, - { - "name" : "19998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19998" - }, - { - "name" : "ADV-2006-3600", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3600" - }, - { - "name" : "28775", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28775" - }, - { - "name" : "1016843", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016843" - }, - { - "name" : "21896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21896" - }, - { - "name" : "cisco-ios-vtp-version-dos(28924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phenoelit.de/stuff/CiscoVTP.txt", + "refsource": "MISC", + "url": "http://www.phenoelit.de/stuff/CiscoVTP.txt" + }, + { + "name": "28775", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28775" + }, + { + "name": "21896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21896" + }, + { + "name": "19998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19998" + }, + { + "name": "20060913 Cisco VLAN Trunking Protocol Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml" + }, + { + "name": "1016843", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016843" + }, + { + "name": "20060913 Re: Cisco IOS VTP issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445938/100/0/threaded" + }, + { + "name": "VU#821420", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/821420" + }, + { + "name": "ADV-2006-3600", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3600" + }, + { + "name": "cisco-ios-vtp-version-dos(28924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28924" + }, + { + "name": "20060913 Cisco IOS VTP issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445896/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4787.json b/2006/4xxx/CVE-2006-4787.json index ef61b0d5aa4..db5a17f971f 100644 --- a/2006/4xxx/CVE-2006-4787.json +++ b/2006/4xxx/CVE-2006-4787.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://whizzo.uoregon.edu/public/src/alphamail/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://whizzo.uoregon.edu/public/src/alphamail/ChangeLog" - }, - { - "name" : "19996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19996" - }, - { - "name" : "ADV-2006-3592", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3592" - }, - { - "name" : "21871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21871" - }, - { - "name" : "alphamail-logging-password-disclosure(28907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://whizzo.uoregon.edu/public/src/alphamail/ChangeLog", + "refsource": "CONFIRM", + "url": "http://whizzo.uoregon.edu/public/src/alphamail/ChangeLog" + }, + { + "name": "alphamail-logging-password-disclosure(28907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28907" + }, + { + "name": "ADV-2006-3592", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3592" + }, + { + "name": "19996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19996" + }, + { + "name": "21871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21871" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6293.json b/2006/6xxx/CVE-2006-6293.json index a87ca6ec903..41d9f183e90 100644 --- a/2006/6xxx/CVE-2006-6293.json +++ b/2006/6xxx/CVE-2006-6293.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061204 F-Prot Antivirus for Unix: heap overflow and Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453475/100/0/threaded" - }, - { - "name" : "20061204 F-Prot Antivirus for Unix: heap overflow and Denial of Service", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html" - }, - { - "name" : "http://gleg.net/vulndisco_meta.shtml", - "refsource" : "MISC", - "url" : "http://gleg.net/vulndisco_meta.shtml" - }, - { - "name" : "http://gleg.net/fprot.txt", - "refsource" : "MISC", - "url" : "http://gleg.net/fprot.txt" - }, - { - "name" : "2893", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2893" - }, - { - "name" : "http://www.f-prot.com/news/gen_news/061201_release_unix467.html", - "refsource" : "CONFIRM", - "url" : "http://www.f-prot.com/news/gen_news/061201_release_unix467.html" - }, - { - "name" : "GLSA-200612-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-12.xml" - }, - { - "name" : "21086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21086" - }, - { - "name" : "ADV-2006-4830", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4830" - }, - { - "name" : "30406", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30406" - }, - { - "name" : "1017331", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017331" - }, - { - "name" : "22879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22879" - }, - { - "name" : "23328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gleg.net/vulndisco_meta.shtml", + "refsource": "MISC", + "url": "http://gleg.net/vulndisco_meta.shtml" + }, + { + "name": "23328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23328" + }, + { + "name": "http://www.f-prot.com/news/gen_news/061201_release_unix467.html", + "refsource": "CONFIRM", + "url": "http://www.f-prot.com/news/gen_news/061201_release_unix467.html" + }, + { + "name": "22879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22879" + }, + { + "name": "30406", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30406" + }, + { + "name": "1017331", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017331" + }, + { + "name": "21086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21086" + }, + { + "name": "20061204 F-Prot Antivirus for Unix: heap overflow and Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453475/100/0/threaded" + }, + { + "name": "http://gleg.net/fprot.txt", + "refsource": "MISC", + "url": "http://gleg.net/fprot.txt" + }, + { + "name": "GLSA-200612-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-12.xml" + }, + { + "name": "20061204 F-Prot Antivirus for Unix: heap overflow and Denial of Service", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html" + }, + { + "name": "ADV-2006-4830", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4830" + }, + { + "name": "2893", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2893" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6605.json b/2006/6xxx/CVE-2006-6605.json index cb2e7e93b38..b33884431ed 100644 --- a/2006/6xxx/CVE-2006-6605.json +++ b/2006/6xxx/CVE-2006-6605.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-6605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061218 Secunia Research: MailEnable POP Service \"PASS\" Command BufferOverflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454713/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-75/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-75/advisory/" - }, - { - "name" : "http://www.mailenable.com/hotfix/", - "refsource" : "CONFIRM", - "url" : "http://www.mailenable.com/hotfix/" - }, - { - "name" : "21645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21645" - }, - { - "name" : "ADV-2006-5052", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5052" - }, - { - "name" : "1017395", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017395" - }, - { - "name" : "23127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23127" - }, - { - "name" : "2053", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017395", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017395" + }, + { + "name": "23127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23127" + }, + { + "name": "2053", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2053" + }, + { + "name": "http://www.mailenable.com/hotfix/", + "refsource": "CONFIRM", + "url": "http://www.mailenable.com/hotfix/" + }, + { + "name": "21645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21645" + }, + { + "name": "20061218 Secunia Research: MailEnable POP Service \"PASS\" Command BufferOverflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454713/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2006-75/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-75/advisory/" + }, + { + "name": "ADV-2006-5052", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5052" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6624.json b/2006/6xxx/CVE-2006-6624.json index 74e92d2334b..a5c4a8eeaa3 100644 --- a/2006/6xxx/CVE-2006-6624.json +++ b/2006/6xxx/CVE-2006-6624.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of \"./\" sequences in the SIZE command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21617.php", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21617.php" - }, - { - "name" : "2934", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2934" - }, - { - "name" : "21617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21617" - }, - { - "name" : "ADV-2006-5041", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5041" - }, - { - "name" : "1017393", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017393" - }, - { - "name" : "23376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23376" - }, - { - "name" : "sambar-size-dos(30920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of \"./\" sequences in the SIZE command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23376" + }, + { + "name": "sambar-size-dos(30920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30920" + }, + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/21617.php", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/21617.php" + }, + { + "name": "ADV-2006-5041", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5041" + }, + { + "name": "1017393", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017393" + }, + { + "name": "2934", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2934" + }, + { + "name": "21617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21617" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6875.json b/2006/6xxx/CVE-2006-6875.json index aa5f2b5cec5..03a6a94fbea 100644 --- a/2006/6xxx/CVE-2006-6875.json +++ b/2006/6xxx/CVE-2006-6875.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061228 OpenSER OSP Module remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455412/100/0/threaded" - }, - { - "name" : "21801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21801" - }, - { - "name" : "openser-validateospheader-bo(31151)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21801" + }, + { + "name": "openser-validateospheader-bo(31151)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31151" + }, + { + "name": "20061228 OpenSER OSP Module remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455412/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6973.json b/2006/6xxx/CVE-2006-6973.json index 425d4c6f7e6..9a6e26147a2 100644 --- a/2006/6xxx/CVE-2006-6973.json +++ b/2006/6xxx/CVE-2006-6973.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt", - "refsource" : "MISC", - "url" : "http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt", + "refsource": "MISC", + "url": "http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7068.json b/2006/7xxx/CVE-2006-7068.json index a0c3f8ae750..e07f46d4518 100644 --- a/2006/7xxx/CVE-2006-7068.json +++ b/2006/7xxx/CVE-2006-7068.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2257", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2257" - }, - { - "name" : "19737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19737" - }, - { - "name" : "cliserv-clheaders-file-include(28590)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19737" + }, + { + "name": "2257", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2257" + }, + { + "name": "cliserv-clheaders-file-include(28590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28590" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2041.json b/2010/2xxx/CVE-2010-2041.json index 5192fde5928..122bf32c5ce 100644 --- a/2010/2xxx/CVE-2010-2041.json +++ b/2010/2xxx/CVE-2010-2041.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100521 PHP-Calendar \"description\" and \"lastaction\" Cross Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511395/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1005-advisories/phpcalendar-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-advisories/phpcalendar-xss.txt" - }, - { - "name" : "http://php-calendar.blogspot.com/2010/05/php-calendar-20-beta7.html", - "refsource" : "CONFIRM", - "url" : "http://php-calendar.blogspot.com/2010/05/php-calendar-20-beta7.html" - }, - { - "name" : "40334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40334" - }, - { - "name" : "33899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33899" - }, - { - "name" : "ADV-2010-1202", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1202" - }, - { - "name" : "phpcalendar-description-xss(58861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpcalendar-description-xss(58861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58861" + }, + { + "name": "ADV-2010-1202", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1202" + }, + { + "name": "20100521 PHP-Calendar \"description\" and \"lastaction\" Cross Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511395/100/0/threaded" + }, + { + "name": "40334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40334" + }, + { + "name": "http://packetstormsecurity.org/1005-advisories/phpcalendar-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-advisories/phpcalendar-xss.txt" + }, + { + "name": "33899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33899" + }, + { + "name": "http://php-calendar.blogspot.com/2010/05/php-calendar-20-beta7.html", + "refsource": "CONFIRM", + "url": "http://php-calendar.blogspot.com/2010/05/php-calendar-20-beta7.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2343.json b/2010/2xxx/CVE-2010-2343.json index 0d5e1707c3d..0b89d944bf3 100644 --- a/2010/2xxx/CVE-2010-2343.json +++ b/2010/2xxx/CVE-2010-2343.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13760", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13760" - }, - { - "name" : "13763", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13763" - }, - { - "name" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-048-d-r-software-multiple-products/", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-048-d-r-software-multiple-products/" - }, - { - "name" : "40618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40618" - }, - { - "name" : "40631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40631" - }, - { - "name" : "65256", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65256" - }, - { - "name" : "40081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40081" - }, - { - "name" : "ADV-2010-1387", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1387" - }, - { - "name" : "audio-converter-pls-bo(59206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "audio-converter-pls-bo(59206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59206" + }, + { + "name": "40081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40081" + }, + { + "name": "13760", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13760" + }, + { + "name": "65256", + "refsource": "OSVDB", + "url": "http://osvdb.org/65256" + }, + { + "name": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-048-d-r-software-multiple-products/", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-048-d-r-software-multiple-products/" + }, + { + "name": "ADV-2010-1387", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1387" + }, + { + "name": "40618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40618" + }, + { + "name": "40631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40631" + }, + { + "name": "13763", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13763" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2618.json b/2010/2xxx/CVE-2010-2618.json index 55fb28d1f12..9e020b7c6c2 100644 --- a/2010/2xxx/CVE-2010-2618.json +++ b/2010/2xxx/CVE-2010-2618.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14016", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14016" - }, - { - "name" : "15237", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15237" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/adaptcms200-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/adaptcms200-rfi.txt" - }, - { - "name" : "41116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41116" - }, - { - "name" : "adaptcms-init-file-include(59752)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1006-exploits/adaptcms200-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/adaptcms200-rfi.txt" + }, + { + "name": "41116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41116" + }, + { + "name": "adaptcms-init-file-include(59752)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59752" + }, + { + "name": "15237", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15237" + }, + { + "name": "14016", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14016" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2773.json b/2010/2xxx/CVE-2010-2773.json index 49155558550..0c7288cce25 100644 --- a/2010/2xxx/CVE-2010-2773.json +++ b/2010/2xxx/CVE-2010-2773.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2773", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2773", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0093.json b/2011/0xxx/CVE-2011-0093.json index 79cb76129aa..765ebf70ca6 100644 --- a/2011/0xxx/CVE-2011-0093.json +++ b/2011/0xxx/CVE-2011-0093.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka \"Visio Data Type Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-008", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008" - }, - { - "name" : "46138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46138" - }, - { - "name" : "70829", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70829" - }, - { - "name" : "oval:org.mitre.oval:def:12469", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469" - }, - { - "name" : "1025043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025043" - }, - { - "name" : "43254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43254" - }, - { - "name" : "ADV-2011-0321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0321" - }, - { - "name" : "ms-visio-data-code-execution(64924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka \"Visio Data Type Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70829", + "refsource": "OSVDB", + "url": "http://osvdb.org/70829" + }, + { + "name": "ADV-2011-0321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0321" + }, + { + "name": "MS11-008", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008" + }, + { + "name": "ms-visio-data-code-execution(64924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64924" + }, + { + "name": "1025043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025043" + }, + { + "name": "46138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46138" + }, + { + "name": "43254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43254" + }, + { + "name": "oval:org.mitre.oval:def:12469", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0150.json b/2011/0xxx/CVE-2011-0150.json index 781a804276a..faa461a108f 100644 --- a/2011/0xxx/CVE-2011-0150.json +++ b/2011/0xxx/CVE-2011-0150.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:17339", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:17339", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17339" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0431.json b/2011/0xxx/CVE-2011-0431.json index 5da551818a2..af11ce99955 100644 --- a/2011/0xxx/CVE-2011-0431.json +++ b/2011/0xxx/CVE-2011-0431.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-2168", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2168" - }, - { - "name" : "46428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46428" - }, - { - "name" : "1025095", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025095" - }, - { - "name" : "43371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43371" - }, - { - "name" : "43407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43407" - }, - { - "name" : "ADV-2011-0410", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0410" - }, - { - "name" : "ADV-2011-0411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46428" + }, + { + "name": "DSA-2168", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2168" + }, + { + "name": "ADV-2011-0410", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0410" + }, + { + "name": "43371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43371" + }, + { + "name": "1025095", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025095" + }, + { + "name": "ADV-2011-0411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0411" + }, + { + "name": "43407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43407" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0501.json b/2011/0xxx/CVE-2011-0501.json index 02994788a8f..1a703002c55 100644 --- a/2011/0xxx/CVE-2011-0501.json +++ b/2011/0xxx/CVE-2011-0501.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15901", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15901" - }, - { - "name" : "42790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42790" + }, + { + "name": "15901", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15901" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0732.json b/2011/0xxx/CVE-2011-0732.json index 37f4643fb95..c978b730f4b 100644 --- a/2011/0xxx/CVE-2011-0732.json +++ b/2011/0xxx/CVE-2011-0732.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to \"security vulnerabilities of Websphere Application Server bundled within\" and \"many internal defects and APARs.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY99978", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IY99978" - }, - { - "name" : "43030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to \"security vulnerabilities of Websphere Application Server bundled within\" and \"many internal defects and APARs.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43030" + }, + { + "name": "IY99978", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IY99978" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1037.json b/2011/1xxx/CVE-2011-1037.json index 13fd5e3b7db..5a779add17b 100644 --- a/2011/1xxx/CVE-2011-1037.json +++ b/2011/1xxx/CVE-2011-1037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1037", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1037", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1069.json b/2011/1xxx/CVE-2011-1069.json index a9991be68ea..18b9bafa655 100644 --- a/2011/1xxx/CVE-2011-1069.json +++ b/2011/1xxx/CVE-2011-1069.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1069", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1069", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1557.json b/2011/1xxx/CVE-2011-1557.json index 9cd3d6ee3bb..f8a119787d2 100644 --- a/2011/1xxx/CVE-2011-1557.json +++ b/2011/1xxx/CVE-2011-1557.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "47100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47100" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1683.json b/2011/1xxx/CVE-2011-1683.json index 9d2c66104bc..97ce72b7fec 100644 --- a/2011/1xxx/CVE-2011-1683.json +++ b/2011/1xxx/CVE-2011-1683.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21473989", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21473989" - }, - { - "name" : "PM35478", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM35478" - }, - { - "name" : "PM35480", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM35480" - }, - { - "name" : "PM35545", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM35545" - }, - { - "name" : "PM35609", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM35609" - }, - { - "name" : "PM35611", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM35611" - }, - { - "name" : "47122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47122" - }, - { - "name" : "43965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43965" - }, - { - "name" : "ADV-2011-0833", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21473989", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21473989" + }, + { + "name": "PM35611", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM35611" + }, + { + "name": "PM35609", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM35609" + }, + { + "name": "43965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43965" + }, + { + "name": "PM35545", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM35545" + }, + { + "name": "PM35480", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM35480" + }, + { + "name": "PM35478", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM35478" + }, + { + "name": "47122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47122" + }, + { + "name": "ADV-2011-0833", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0833" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1749.json b/2011/1xxx/CVE-2011-1749.json index 7c472148929..87881b954ba 100644 --- a/2011/1xxx/CVE-2011-1749.json +++ b/2011/1xxx/CVE-2011-1749.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140425 Re: CVE request: CVE-2011-1089-like flaw in mount.nfs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/04/25/5" - }, - { - "name" : "http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=697975", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=697975" - }, - { - "name" : "RHSA-2011:1534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1534.html" - }, - { - "name" : "RHSA-2012:0310", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0310.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=697975", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697975" + }, + { + "name": "RHSA-2012:0310", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0310.html" + }, + { + "name": "http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download" + }, + { + "name": "[oss-security] 20140425 Re: CVE request: CVE-2011-1089-like flaw in mount.nfs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/04/25/5" + }, + { + "name": "RHSA-2011:1534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1534.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4427.json b/2011/4xxx/CVE-2011-4427.json index 7585a192b90..4b40d6bfb8b 100644 --- a/2011/4xxx/CVE-2011-4427.json +++ b/2011/4xxx/CVE-2011-4427.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4427", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4427", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4594.json b/2011/4xxx/CVE-2011-4594.json index a048b82a2e3..54a84e5e47b 100644 --- a/2011/4xxx/CVE-2011-4594.json +++ b/2011/4xxx/CVE-2011-4594.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111208 Re: CVE Request -- kernel: send(m)msg: user pointer dereferences", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/12/08/4" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc909d9ddbf7778371e36a651d6e4194b1cc7d4c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc909d9ddbf7778371e36a651d6e4194b1cc7d4c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761646", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761646" - }, - { - "name" : "https://github.com/torvalds/linux/commit/bc909d9ddbf7778371e36a651d6e4194b1cc7d4c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/bc909d9ddbf7778371e36a651d6e4194b1cc7d4c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc909d9ddbf7778371e36a651d6e4194b1cc7d4c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc909d9ddbf7778371e36a651d6e4194b1cc7d4c" + }, + { + "name": "https://github.com/torvalds/linux/commit/bc909d9ddbf7778371e36a651d6e4194b1cc7d4c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/bc909d9ddbf7778371e36a651d6e4194b1cc7d4c" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=761646", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761646" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" + }, + { + "name": "[oss-security] 20111208 Re: CVE Request -- kernel: send(m)msg: user pointer dereferences", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/12/08/4" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4596.json b/2011/4xxx/CVE-2011-4596.json index 352c6020bf9..988ba99880f 100644 --- a/2011/4xxx/CVE-2011-4596.json +++ b/2011/4xxx/CVE-2011-4596.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack] 20111213 [OSSA 2011-001] Path traversal issues registering malicious images using EC2 API (CVE-2011-4596)", - "refsource" : "MLIST", - "url" : "https://lists.launchpad.net/openstack/msg06105.html" - }, - { - "name" : "https://bugs.launchpad.net/nova/+bug/885167", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/nova/+bug/885167" - }, - { - "name" : "https://bugs.launchpad.net/nova/+bug/894755", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/nova/+bug/894755" - }, - { - "name" : "https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6" - }, - { - "name" : "https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e" + }, + { + "name": "https://bugs.launchpad.net/nova/+bug/894755", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/nova/+bug/894755" + }, + { + "name": "[openstack] 20111213 [OSSA 2011-001] Path traversal issues registering malicious images using EC2 API (CVE-2011-4596)", + "refsource": "MLIST", + "url": "https://lists.launchpad.net/openstack/msg06105.html" + }, + { + "name": "https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6" + }, + { + "name": "https://bugs.launchpad.net/nova/+bug/885167", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/nova/+bug/885167" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4881.json b/2011/4xxx/CVE-2011-4881.json index 69d320d13ab..729ab539843 100644 --- a/2011/4xxx/CVE-2011-4881.json +++ b/2011/4xxx/CVE-2011-4881.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5222.json b/2011/5xxx/CVE-2011-5222.json index 7e18c040cc0..c84143b7a58 100644 --- a/2011/5xxx/CVE-2011-5222.json +++ b/2011/5xxx/CVE-2011-5222.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/107971/flirtportal-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/107971/flirtportal-sql.txt" - }, - { - "name" : "51106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51106" - }, - { - "name" : "77945", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77945" - }, - { - "name" : "47290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47290" - }, - { - "name" : "flirtprojekt-rub2w-sql-injection(71875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/107971/flirtportal-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/107971/flirtportal-sql.txt" + }, + { + "name": "51106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51106" + }, + { + "name": "77945", + "refsource": "OSVDB", + "url": "http://osvdb.org/77945" + }, + { + "name": "47290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47290" + }, + { + "name": "flirtprojekt-rub2w-sql-injection(71875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71875" + } + ] + } +} \ No newline at end of file diff --git a/2014/123xxx/CVE-2014-123456.json b/2014/123xxx/CVE-2014-123456.json index 2cd810938cd..42fb7bed566 100644 --- a/2014/123xxx/CVE-2014-123456.json +++ b/2014/123xxx/CVE-2014-123456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-123456", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-123456", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2598.json b/2014/2xxx/CVE-2014-2598.json index 0ec50f2caef..5c97fa82473 100644 --- a/2014/2xxx/CVE-2014-2598.json +++ b/2014/2xxx/CVE-2014-2598.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32867", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32867" - }, - { - "name" : "20140411 CSRF and stored XSS in Quick Page/Post Redirect Plugin (WordPress plugin)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/171" - }, - { - "name" : "http://packetstormsecurity.com/files/126127", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126127" - }, - { - "name" : "https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/" - }, - { - "name" : "https://wordpress.org/plugins/quick-pagepost-redirect-plugin/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/quick-pagepost-redirect-plugin/changelog/" - }, - { - "name" : "105707", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/105707" - }, - { - "name" : "105708", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/105708" - }, - { - "name" : "57883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57883" - }, - { - "name" : "quickpage-wordpress-cve20142598-csrf(92528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105708", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/105708" + }, + { + "name": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/" + }, + { + "name": "105707", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/105707" + }, + { + "name": "20140411 CSRF and stored XSS in Quick Page/Post Redirect Plugin (WordPress plugin)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/171" + }, + { + "name": "http://packetstormsecurity.com/files/126127", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126127" + }, + { + "name": "32867", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32867" + }, + { + "name": "57883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57883" + }, + { + "name": "https://wordpress.org/plugins/quick-pagepost-redirect-plugin/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/quick-pagepost-redirect-plugin/changelog/" + }, + { + "name": "quickpage-wordpress-cve20142598-csrf(92528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92528" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2703.json b/2014/2xxx/CVE-2014-2703.json index 1efedb6038b..2e975f37be8 100644 --- a/2014/2xxx/CVE-2014-2703.json +++ b/2014/2xxx/CVE-2014-2703.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2703", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2703", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2919.json b/2014/2xxx/CVE-2014-2919.json index 74e41d00d78..3bf9b458dda 100644 --- a/2014/2xxx/CVE-2014-2919.json +++ b/2014/2xxx/CVE-2014-2919.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2919", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2919", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2929.json b/2014/2xxx/CVE-2014-2929.json index 06ec9ed9756..360237feb70 100644 --- a/2014/2xxx/CVE-2014-2929.json +++ b/2014/2xxx/CVE-2014-2929.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3245.json b/2014/3xxx/CVE-2014-3245.json index 89354eb66fc..86706865c6c 100644 --- a/2014/3xxx/CVE-2014-3245.json +++ b/2014/3xxx/CVE-2014-3245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3245", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3245", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3264.json b/2014/3xxx/CVE-2014-3264.json index b218f029256..5bd708ef73f 100644 --- a/2014/3xxx/CVE-2014-3264.json +++ b/2014/3xxx/CVE-2014-3264.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34273", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34273" - }, - { - "name" : "20140519 Cisco ASA Crafter RADIUS Packets Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34273", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34273" + }, + { + "name": "20140519 Cisco ASA Crafter RADIUS Packets Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3264" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3759.json b/2014/3xxx/CVE-2014-3759.json index e38d613bbba..3f771fd9344 100644 --- a/2014/3xxx/CVE-2014-3759.json +++ b/2014/3xxx/CVE-2014-3759.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140430 SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531980/100/0/threaded" - }, - { - "name" : "20140430 SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/314" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140430-0_Typo3_si_bibtex_extension_SQL_injection_and_XSS_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140430-0_Typo3_si_bibtex_extension_SQL_injection_and_XSS_vulnerabilities_v10.txt" - }, - { - "name" : "67145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140430 SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/314" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140430-0_Typo3_si_bibtex_extension_SQL_injection_and_XSS_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140430-0_Typo3_si_bibtex_extension_SQL_injection_and_XSS_vulnerabilities_v10.txt" + }, + { + "name": "67145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67145" + }, + { + "name": "20140430 SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531980/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3996.json b/2014/3xxx/CVE-2014-3996.json index 6613bbdcc82..9ec90850668 100644 --- a/2014/3xxx/CVE-2014-3996.json +++ b/2014/3xxx/CVE-2014-3996.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Aug/55" - }, - { - "name" : "20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Aug/85" - }, - { - "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt" - }, - { - "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb" - }, - { - "name" : "http://packetstormsecurity.com/files/127973/ManageEngine-Password-Manager-MetadataServlet.dat-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127973/ManageEngine-Password-Manager-MetadataServlet.dat-SQL-Injection.html" - }, - { - "name" : "69305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Aug/55" + }, + { + "name": "69305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69305" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb" + }, + { + "name": "http://packetstormsecurity.com/files/127973/ManageEngine-Password-Manager-MetadataServlet.dat-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127973/ManageEngine-Password-Manager-MetadataServlet.dat-SQL-Injection.html" + }, + { + "name": "20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Aug/85" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6128.json b/2014/6xxx/CVE-2014-6128.json index cb88f714861..a5689ea7782 100644 --- a/2014/6xxx/CVE-2014-6128.json +++ b/2014/6xxx/CVE-2014-6128.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6128", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6128", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6408.json b/2014/6xxx/CVE-2014-6408.json index 7bbc01dd87a..3a7531a9f2d 100644 --- a/2014/6xxx/CVE-2014-6408.json +++ b/2014/6xxx/CVE-2014-6408.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141124 Docker 1.3.2 - Security Advisory [24 Nov 2014]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/24/5" - }, - { - "name" : "https://docs.docker.com/v1.3/release-notes/", - "refsource" : "CONFIRM", - "url" : "https://docs.docker.com/v1.3/release-notes/" - }, - { - "name" : "FEDORA-2014-15779", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html" - }, - { - "name" : "openSUSE-SU-2014:1596", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html" - }, - { - "name" : "60171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60171" - }, - { - "name" : "60241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60241" + }, + { + "name": "60171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60171" + }, + { + "name": "https://docs.docker.com/v1.3/release-notes/", + "refsource": "CONFIRM", + "url": "https://docs.docker.com/v1.3/release-notes/" + }, + { + "name": "openSUSE-SU-2014:1596", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html" + }, + { + "name": "FEDORA-2014-15779", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html" + }, + { + "name": "[oss-security] 20141124 Docker 1.3.2 - Security Advisory [24 Nov 2014]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/24/5" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7167.json b/2014/7xxx/CVE-2014-7167.json index efd39bc0075..0940d5de23f 100644 --- a/2014/7xxx/CVE-2014-7167.json +++ b/2014/7xxx/CVE-2014-7167.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7167", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7167", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7470.json b/2014/7xxx/CVE-2014-7470.json index 019432c49ab..5e023256584 100644 --- a/2014/7xxx/CVE-2014-7470.json +++ b/2014/7xxx/CVE-2014-7470.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#844385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/844385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#844385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/844385" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7707.json b/2014/7xxx/CVE-2014-7707.json index 61f43d5d8f5..091c2ff7c9f 100644 --- a/2014/7xxx/CVE-2014-7707.json +++ b/2014/7xxx/CVE-2014-7707.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#319905", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/319905" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#319905", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/319905" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7969.json b/2014/7xxx/CVE-2014-7969.json index 446eb184821..ee84c0f1130 100644 --- a/2014/7xxx/CVE-2014-7969.json +++ b/2014/7xxx/CVE-2014-7969.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7969", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7969", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2237.json b/2016/2xxx/CVE-2016-2237.json index 4f73f2739f4..9d5b62aed5a 100644 --- a/2016/2xxx/CVE-2016-2237.json +++ b/2016/2xxx/CVE-2016-2237.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2237", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2237", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0209.json b/2017/0xxx/CVE-2017-0209.json index 568ded26984..735dccc49fc 100644 --- a/2017/0xxx/CVE-2017-0209.json +++ b/2017/0xxx/CVE-2017-0209.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0209", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0209", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0330.json b/2017/0xxx/CVE-2017-0330.json index 27c086b0202..11d7aaf16bc 100644 --- a/2017/0xxx/CVE-2017-0330.json +++ b/2017/0xxx/CVE-2017-0330.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01.html" - }, - { - "name" : "97347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97347" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97347" + }, + { + "name": "https://source.android.com/security/bulletin/2017-04-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01.html" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0880.json b/2017/0xxx/CVE-2017-0880.json index 71f5d9e9552..30d5890c0ce 100644 --- a/2017/0xxx/CVE-2017-0880.json +++ b/2017/0xxx/CVE-2017-0880.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-0880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-0880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + }, + { + "name": "102126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102126" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18188.json b/2017/18xxx/CVE-2017-18188.json index 76e62bf7651..5e2bc54635f 100644 --- a/2017/18xxx/CVE-2017-18188.json +++ b/2017/18xxx/CVE-2017-18188.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which \"chown -R\" will be run." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OpenRC/opentmpfiles/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/OpenRC/opentmpfiles/issues/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which \"chown -R\" will be run." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OpenRC/opentmpfiles/issues/3", + "refsource": "MISC", + "url": "https://github.com/OpenRC/opentmpfiles/issues/3" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18249.json b/2017/18xxx/CVE-2017-18249.json index 28af455593a..57ef1b2899e 100644 --- a/2017/18xxx/CVE-2017-18249.json +++ b/2017/18xxx/CVE-2017-18249.json @@ -1,72 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3" - }, - { - "name" : "https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1031.json b/2017/1xxx/CVE-2017-1031.json index 7957a2ff486..6282cfd0e71 100644 --- a/2017/1xxx/CVE-2017-1031.json +++ b/2017/1xxx/CVE-2017-1031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1031", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1031", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1581.json b/2017/1xxx/CVE-2017-1581.json index 8d498925bd4..f81ee4d577c 100644 --- a/2017/1xxx/CVE-2017-1581.json +++ b/2017/1xxx/CVE-2017-1581.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1581", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1581", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1634.json b/2017/1xxx/CVE-2017-1634.json index 0df61099966..c9189d36917 100644 --- a/2017/1xxx/CVE-2017-1634.json +++ b/2017/1xxx/CVE-2017-1634.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1634", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1634", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1720.json b/2017/1xxx/CVE-2017-1720.json index 8cd1e4db983..29a485df986 100644 --- a/2017/1xxx/CVE-2017-1720.json +++ b/2017/1xxx/CVE-2017-1720.json @@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-02-08T00:00:00", - "ID" : "CVE-2017-1720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Client Application Access", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0.1" - }, - { - "version_value" : "1.0.1" - }, - { - "version_value" : "1.0.1.2" - } - ] - } - }, - { - "product_name" : "Notes", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.3.6" - }, - { - "version_value" : "8.5.1.5" - }, - { - "version_value" : "8.5.2.4" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.1.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-02-08T00:00:00", + "ID": "CVE-2017-1720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Client Application Access", + "version": { + "version_data": [ + { + "version_value": "1.0.0.1" + }, + { + "version_value": "1.0.1" + }, + { + "version_value": "1.0.1.2" + } + ] + } + }, + { + "product_name": "Notes", + "version": { + "version_data": [ + { + "version_value": "8.5.3.6" + }, + { + "version_value": "8.5.1.5" + }, + { + "version_value": "8.5.2.4" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.1.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010766", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010766" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010767", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010766", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010766" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010767", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010767" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1783.json b/2017/1xxx/CVE-2017-1783.json index b2fb8e02f77..3ef5e2cbcf6 100644 --- a/2017/1xxx/CVE-2017-1783.json +++ b/2017/1xxx/CVE-2017-1783.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-24T00:00:00", - "ID" : "CVE-2017-1783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cognos Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "11.0" - }, - { - "version_value" : "11.0.1" - }, - { - "version_value" : "11.0.2" - }, - { - "version_value" : "11.0.3" - }, - { - "version_value" : "11.0.4" - }, - { - "version_value" : "11.0.5" - }, - { - "version_value" : "11.0.6" - }, - { - "version_value" : "11.0.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-24T00:00:00", + "ID": "CVE-2017-1783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_value": "11.0" + }, + { + "version_value": "11.0.1" + }, + { + "version_value": "11.0.2" + }, + { + "version_value": "11.0.3" + }, + { + "version_value": "11.0.4" + }, + { + "version_value": "11.0.5" + }, + { + "version_value": "11.0.6" + }, + { + "version_value": "11.0.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22011561", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011561" - }, - { - "name" : "102863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102863" - }, - { - "name" : "1040299", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22011561", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857" + }, + { + "name": "1040299", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040299" + }, + { + "name": "102863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102863" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1975.json b/2017/1xxx/CVE-2017-1975.json index 85045e7a43c..e653ac06ba5 100644 --- a/2017/1xxx/CVE-2017-1975.json +++ b/2017/1xxx/CVE-2017-1975.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1975", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1975", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5169.json b/2017/5xxx/CVE-2017-5169.json index 035f397d5b5..034d9ba1a7b 100644 --- a/2017/5xxx/CVE-2017-5169.json +++ b/2017/5xxx/CVE-2017-5169.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hanwha Techwin Smart Security Manager 1.5 and prior", - "version" : { - "version_data" : [ - { - "version_value" : "Hanwha Techwin Smart Security Manager 1.5 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Hanwha Techwin Smart Security Manager Cross Site Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hanwha Techwin Smart Security Manager 1.5 and prior", + "version": { + "version_data": [ + { + "version_value": "Hanwha Techwin Smart Security Manager 1.5 and prior" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01" - }, - { - "name" : "96147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hanwha Techwin Smart Security Manager Cross Site Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96147" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5526.json b/2017/5xxx/CVE-2017-5526.json index f8e6786dc2a..92efa6ef5a1 100644 --- a/2017/5xxx/CVE-2017-5526.json +++ b/2017/5xxx/CVE-2017-5526.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-5526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in es1370 device", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/18/1" - }, - { - "name" : "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in es1370 device", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/18/8" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da", - "refsource" : "CONFIRM", - "url" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da" - }, - { - "name" : "95669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da", + "refsource": "CONFIRM", + "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da" + }, + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in es1370 device", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/18/8" + }, + { + "name": "95669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95669" + }, + { + "name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in es1370 device", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/18/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5600.json b/2017/5xxx/CVE-2017-5600.json index a585b842f78..a427439482f 100644 --- a/2017/5xxx/CVE-2017-5600.json +++ b/2017/5xxx/CVE-2017-5600.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/NTAP-20170131-0001", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/NTAP-20170131-0001" - }, - { - "name" : "96041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/s/article/NTAP-20170131-0001", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/NTAP-20170131-0001" + }, + { + "name": "96041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96041" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5783.json b/2017/5xxx/CVE-2017-5783.json index f11d6614193..8d52b9ed723 100644 --- a/2017/5xxx/CVE-2017-5783.json +++ b/2017/5xxx/CVE-2017-5783.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-02-03T00:00:00", - "ID" : "CVE-2017-5783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Matrix Operating Environment", - "version" : { - "version_data" : [ - { - "version_value" : "v7.6" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "clickjacking" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-02-03T00:00:00", + "ID": "CVE-2017-5783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Matrix Operating Environment", + "version": { + "version_data": [ + { + "version_value": "v7.6" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "clickjacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" + } + ] + } +} \ No newline at end of file