From ed99f91e46ebd0f503e0e9c6e6480fb7733fb17b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:39:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0744.json | 140 ++++++------- 2001/0xxx/CVE-2001-0954.json | 160 +++++++-------- 2001/1xxx/CVE-2001-1237.json | 160 +++++++-------- 2001/1xxx/CVE-2001-1389.json | 160 +++++++-------- 2001/1xxx/CVE-2001-1403.json | 140 ++++++------- 2001/1xxx/CVE-2001-1569.json | 130 ++++++------ 2006/2xxx/CVE-2006-2795.json | 140 ++++++------- 2006/6xxx/CVE-2006-6227.json | 160 +++++++-------- 2006/6xxx/CVE-2006-6376.json | 130 ++++++------ 2006/6xxx/CVE-2006-6824.json | 250 +++++++++++------------ 2006/6xxx/CVE-2006-6871.json | 160 +++++++-------- 2006/7xxx/CVE-2006-7206.json | 150 +++++++------- 2011/0xxx/CVE-2011-0559.json | 310 ++++++++++++++--------------- 2011/0xxx/CVE-2011-0965.json | 34 ++-- 2011/2xxx/CVE-2011-2072.json | 160 +++++++-------- 2011/2xxx/CVE-2011-2241.json | 130 ++++++------ 2011/2xxx/CVE-2011-2564.json | 140 ++++++------- 2011/2xxx/CVE-2011-2717.json | 34 ++-- 2011/2xxx/CVE-2011-2809.json | 200 +++++++++---------- 2011/3xxx/CVE-2011-3174.json | 130 ++++++------ 2011/3xxx/CVE-2011-3204.json | 150 +++++++------- 2011/3xxx/CVE-2011-3502.json | 130 ++++++------ 2011/3xxx/CVE-2011-3513.json | 150 +++++++------- 2011/3xxx/CVE-2011-3989.json | 150 +++++++------- 2011/4xxx/CVE-2011-4220.json | 120 +++++------ 2011/4xxx/CVE-2011-4424.json | 34 ++-- 2011/4xxx/CVE-2011-4527.json | 34 ++-- 2013/1xxx/CVE-2013-1090.json | 130 ++++++------ 2013/1xxx/CVE-2013-1166.json | 120 +++++------ 2013/1xxx/CVE-2013-1888.json | 180 ++++++++--------- 2013/5xxx/CVE-2013-5342.json | 34 ++-- 2013/5xxx/CVE-2013-5475.json | 120 +++++------ 2013/5xxx/CVE-2013-5532.json | 150 +++++++------- 2013/5xxx/CVE-2013-5719.json | 180 ++++++++--------- 2013/5xxx/CVE-2013-5885.json | 160 +++++++-------- 2014/2xxx/CVE-2014-2050.json | 34 ++-- 2014/2xxx/CVE-2014-2347.json | 130 ++++++------ 2014/2xxx/CVE-2014-2727.json | 34 ++-- 2014/6xxx/CVE-2014-6607.json | 140 ++++++------- 2014/6xxx/CVE-2014-6974.json | 140 ++++++------- 2017/0xxx/CVE-2017-0291.json | 130 ++++++------ 2017/0xxx/CVE-2017-0303.json | 154 +++++++------- 2017/0xxx/CVE-2017-0384.json | 176 ++++++++-------- 2017/0xxx/CVE-2017-0692.json | 132 ++++++------ 2017/0xxx/CVE-2017-0863.json | 122 ++++++------ 2017/0xxx/CVE-2017-0937.json | 34 ++-- 2017/1000xxx/CVE-2017-1000085.json | 134 ++++++------- 2017/16xxx/CVE-2017-16142.json | 132 ++++++------ 2017/16xxx/CVE-2017-16273.json | 34 ++-- 2017/16xxx/CVE-2017-16778.json | 34 ++-- 2017/1xxx/CVE-2017-1040.json | 34 ++-- 2017/1xxx/CVE-2017-1336.json | 142 ++++++------- 2017/1xxx/CVE-2017-1533.json | 158 +++++++-------- 2017/1xxx/CVE-2017-1782.json | 34 ++-- 2017/4xxx/CVE-2017-4096.json | 34 ++-- 2017/4xxx/CVE-2017-4267.json | 34 ++-- 2017/4xxx/CVE-2017-4527.json | 34 ++-- 2017/4xxx/CVE-2017-4955.json | 130 ++++++------ 58 files changed, 3510 insertions(+), 3510 deletions(-) diff --git a/2001/0xxx/CVE-2001-0744.json b/2001/0xxx/CVE-2001-0744.json index 776592c889a..ab251ba4d2b 100644 --- a/2001/0xxx/CVE-2001-0744.json +++ b/2001/0xxx/CVE-2001-0744.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010531 Imp-2.2.4 temporary files ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html" - }, - { - "name" : "http://www.horde.org/imp/2.2/news.php", - "refsource" : "CONFIRM", - "url" : "http://www.horde.org/imp/2.2/news.php" - }, - { - "name" : "CSSA-2001-025.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-025.0.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.horde.org/imp/2.2/news.php", + "refsource": "CONFIRM", + "url": "http://www.horde.org/imp/2.2/news.php" + }, + { + "name": "CSSA-2001-025.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-025.0.txt" + }, + { + "refsource": "BUGTRAQ", + "name": "20010531 Imp-2.2.4 temporary files", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0954.json b/2001/0xxx/CVE-2001-0954.json index a3e10028f36..844bfd2c266 100644 --- a/2001/0xxx/CVE-2001-0954.json +++ b/2001/0xxx/CVE-2001-0954.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011207 Lotus Domino Web server vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100780146532131&w=2L:1" - }, - { - "name" : "http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B" - }, - { - "name" : "lotus-domino-database-dos(7684)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7684" - }, - { - "name" : "3656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3656" - }, - { - "name" : "2000", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-domino-database-dos(7684)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7684" + }, + { + "name": "20011207 Lotus Domino Web server vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100780146532131&w=2L:1" + }, + { + "name": "3656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3656" + }, + { + "name": "2000", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2000" + }, + { + "name": "http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1237.json b/2001/1xxx/CVE-2001-1237.json index 855477723f6..a7293a55069 100644 --- a/2001/1xxx/CVE-2001-1237.json +++ b/2001/1xxx/CVE-2001-1237.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011002 results of semi-automatic source code audit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" - }, - { - "name" : "http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz" - }, - { - "name" : "3393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3393" - }, - { - "name" : "php-includedir-code-execution(7215)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7215.php" - }, - { - "name" : "VU#847803", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/847803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011002 results of semi-automatic source code audit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" + }, + { + "name": "php-includedir-code-execution(7215)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7215.php" + }, + { + "name": "VU#847803", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/847803" + }, + { + "name": "3393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3393" + }, + { + "name": "http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz", + "refsource": "CONFIRM", + "url": "http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1389.json b/2001/1xxx/CVE-2001-1389.json index 11296fc0f69..89bea1feaf5 100644 --- a/2001/1xxx/CVE-2001-1389.json +++ b/2001/1xxx/CVE-2001-1389.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010830 xinetd 2.3.0 audit status", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99913751525583&w=2" - }, - { - "name" : "RHSA-2001:109", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2001-109.html" - }, - { - "name" : "IMNX-2001-70-033-01", - "refsource" : "IMMUNIX", - "url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01" - }, - { - "name" : "MDKSA-2001:076", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3" - }, - { - "name" : "3257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2001:076", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3" + }, + { + "name": "IMNX-2001-70-033-01", + "refsource": "IMMUNIX", + "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01" + }, + { + "name": "20010830 xinetd 2.3.0 audit status", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99913751525583&w=2" + }, + { + "name": "RHSA-2001:109", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2001-109.html" + }, + { + "name": "3257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3257" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1403.json b/2001/1xxx/CVE-2001-1403.json index e7b83c7e85a..dd0da7f1e14 100644 --- a/2001/1xxx/CVE-2001-1403.json +++ b/2001/1xxx/CVE-2001-1403.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by \"shoulder-surfing\" and observing the web browser's location bar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010829 Security Advisory for Bugzilla v2.13 and older", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99912899900567" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=15980", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=15980" - }, - { - "name" : "RHSA-2001:107", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-107.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by \"shoulder-surfing\" and observing the web browser's location bar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=15980", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=15980" + }, + { + "name": "20010829 Security Advisory for Bugzilla v2.13 and older", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99912899900567" + }, + { + "name": "RHSA-2001:107", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-107.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1569.json b/2001/1xxx/CVE-2001-1569.json index 00f692238fe..44d7cb142f6 100644 --- a/2001/1xxx/CVE-2001-1569.json +++ b/2001/1xxx/CVE-2001-1569.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010709 Many WAP gateways do not properly check SSL certificates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/195619" - }, - { - "name" : "wap-gateway-ssl-certificates(6814)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6814.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wap-gateway-ssl-certificates(6814)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6814.php" + }, + { + "name": "20010709 Many WAP gateways do not properly check SSL certificates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/195619" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2795.json b/2006/2xxx/CVE-2006-2795.json index 85558f6bf7d..7bfb73f08ce 100644 --- a/2006/2xxx/CVE-2006-2795.json +++ b/2006/2xxx/CVE-2006-2795.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18710" - }, - { - "name" : "25844", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25844" - }, - { - "name" : "20363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25844", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25844" + }, + { + "name": "18710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18710" + }, + { + "name": "20363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20363" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6227.json b/2006/6xxx/CVE-2006-6227.json index a5155a1452f..0bab7df7873 100644 --- a/2006/6xxx/CVE-2006-6227.json +++ b/2006/6xxx/CVE-2006-6227.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/neoenginex-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/neoenginex-adv.txt" - }, - { - "name" : "http://www.securiteam.com/securitynews/5MP0N2AIUC.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5MP0N2AIUC.html" - }, - { - "name" : "18696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18696" - }, - { - "name" : "27927", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27927" - }, - { - "name" : "neoengine-uimessagelength-dos(27529)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/neoenginex-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/neoenginex-adv.txt" + }, + { + "name": "18696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18696" + }, + { + "name": "http://www.securiteam.com/securitynews/5MP0N2AIUC.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5MP0N2AIUC.html" + }, + { + "name": "27927", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27927" + }, + { + "name": "neoengine-uimessagelength-dos(27529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27529" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6376.json b/2006/6xxx/CVE-2006-6376.json index 0e8573faf60..b90ddfb54f9 100644 --- a/2006/6xxx/CVE-2006-6376.json +++ b/2006/6xxx/CVE-2006-6376.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use \"..\" sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2883", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2883" - }, - { - "name" : "sfm-fm-directory-traversal(30687)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use \"..\" sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sfm-fm-directory-traversal(30687)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30687" + }, + { + "name": "2883", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2883" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6824.json b/2006/6xxx/CVE-2006-6824.json index ce2dba2cafc..dbaef79317c 100644 --- a/2006/6xxx/CVE-2006-6824.json +++ b/2006/6xxx/CVE-2006-6824.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071220 PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485397/100/200/threaded" - }, - { - "name" : "http://lostmon.blogspot.com/2006/12/php-icalendar-multiple-variable-cross.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2006/12/php-icalendar-multiple-variable-cross.html" - }, - { - "name" : "21792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21792" - }, - { - "name" : "32493", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32493" - }, - { - "name" : "32494", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32494" - }, - { - "name" : "32495", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32495" - }, - { - "name" : "32496", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32496" - }, - { - "name" : "32497", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32497" - }, - { - "name" : "32498", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32498" - }, - { - "name" : "32499", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32499" - }, - { - "name" : "32500", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32500" - }, - { - "name" : "1017449", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017449" - }, - { - "name" : "23499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23499" - }, - { - "name" : "phpicalendar-multiple-scripts-xss(31146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32498", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32498" + }, + { + "name": "32493", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32493" + }, + { + "name": "http://lostmon.blogspot.com/2006/12/php-icalendar-multiple-variable-cross.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2006/12/php-icalendar-multiple-variable-cross.html" + }, + { + "name": "32496", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32496" + }, + { + "name": "20071220 PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485397/100/200/threaded" + }, + { + "name": "32500", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32500" + }, + { + "name": "1017449", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017449" + }, + { + "name": "32495", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32495" + }, + { + "name": "21792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21792" + }, + { + "name": "32497", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32497" + }, + { + "name": "32499", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32499" + }, + { + "name": "23499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23499" + }, + { + "name": "32494", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32494" + }, + { + "name": "phpicalendar-multiple-scripts-xss(31146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31146" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6871.json b/2006/6xxx/CVE-2006-6871.json index 7320b0668ad..92b66abfc23 100644 --- a/2006/6xxx/CVE-2006-6871.json +++ b/2006/6xxx/CVE-2006-6871.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the \"your Friend\" field in friend.php, or (4) the \"Main Text\" field in admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3004", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3004" - }, - { - "name" : "21333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21333" - }, - { - "name" : "ADV-2006-5187", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5187" - }, - { - "name" : "23502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23502" - }, - { - "name" : "endonesia-modphp-xss(31116)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the \"your Friend\" field in friend.php, or (4) the \"Main Text\" field in admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "endonesia-modphp-xss(31116)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31116" + }, + { + "name": "ADV-2006-5187", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5187" + }, + { + "name": "3004", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3004" + }, + { + "name": "23502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23502" + }, + { + "name": "21333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21333" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7206.json b/2006/7xxx/CVE-2006-7206.json index 3ad4d5afcc0..4fb724d8592 100644 --- a/2006/7xxx/CVE-2006-7206.json +++ b/2006/7xxx/CVE-2006-7206.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an \"invalid memory access\" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html" - }, - { - "name" : "19227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19227" - }, - { - "name" : "27532", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27532" - }, - { - "name" : "ie-adodbrecordset-dos(28066)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an \"invalid memory access\" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html" + }, + { + "name": "27532", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27532" + }, + { + "name": "ie-adodbrecordset-dos(28066)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28066" + }, + { + "name": "19227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19227" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0559.json b/2011/0xxx/CVE-2011-0559.json index 2ea6c9a6557..fd2203791bf 100644 --- a/2011/0xxx/CVE-2011-0559.json +++ b/2011/0xxx/CVE-2011-0559.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110208 Adobe Flash Player ActionScript Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=894" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-02.html" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2" - }, - { - "name" : "RHSA-2011:0206", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0206.html" - }, - { - "name" : "RHSA-2011:0259", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0259.html" - }, - { - "name" : "RHSA-2011:0368", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0368.html" - }, - { - "name" : "SUSE-SA:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html" - }, - { - "name" : "46186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46186" - }, - { - "name" : "oval:org.mitre.oval:def:14009", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14009" - }, - { - "name" : "oval:org.mitre.oval:def:16231", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16231" - }, - { - "name" : "1025055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025055" - }, - { - "name" : "43267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43267" - }, - { - "name" : "43292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43292" - }, - { - "name" : "43340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43340" - }, - { - "name" : "43351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43351" - }, - { - "name" : "43747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43747" - }, - { - "name" : "ADV-2011-0348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0348" - }, - { - "name" : "ADV-2011-0383", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0383" - }, - { - "name" : "ADV-2011-0402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0402" - }, - { - "name" : "ADV-2011-0646", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0348" + }, + { + "name": "1025055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025055" + }, + { + "name": "oval:org.mitre.oval:def:14009", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14009" + }, + { + "name": "20110208 Adobe Flash Player ActionScript Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=894" + }, + { + "name": "oval:org.mitre.oval:def:16231", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16231" + }, + { + "name": "ADV-2011-0646", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0646" + }, + { + "name": "43267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43267" + }, + { + "name": "43292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43292" + }, + { + "name": "46186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46186" + }, + { + "name": "43351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43351" + }, + { + "name": "43340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43340" + }, + { + "name": "ADV-2011-0383", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0383" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" + }, + { + "name": "43747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43747" + }, + { + "name": "ADV-2011-0402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0402" + }, + { + "name": "RHSA-2011:0259", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0259.html" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2" + }, + { + "name": "RHSA-2011:0206", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0206.html" + }, + { + "name": "SUSE-SA:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html" + }, + { + "name": "RHSA-2011:0368", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0368.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0965.json b/2011/0xxx/CVE-2011-0965.json index f01f1f681f6..f5ca1165a43 100644 --- a/2011/0xxx/CVE-2011-0965.json +++ b/2011/0xxx/CVE-2011-0965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0965", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0965", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2072.json b/2011/2xxx/CVE-2011-2072.json index 337b3beda07..110d5df3cb3 100644 --- a/2011/2xxx/CVE-2011-2072.json +++ b/2011/2xxx/CVE-2011-2072.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129" - }, - { - "name" : "20110928 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml" - }, - { - "name" : "20110928 Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml" - }, - { - "name" : "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm" - }, - { - "name" : "1026110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026110" + }, + { + "name": "20110928 Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml" + }, + { + "name": "20110928 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml" + }, + { + "name": "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2241.json b/2011/2xxx/CVE-2011-2241.json index 2d115f59fcf..6007a4fa350 100644 --- a/2011/2xxx/CVE-2011-2241.json +++ b/2011/2xxx/CVE-2011-2241.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2564.json b/2011/2xxx/CVE-2011-2564.json index 3a535973aa6..ee9759d1331 100644 --- a/2011/2xxx/CVE-2011-2564.json +++ b/2011/2xxx/CVE-2011-2564.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml" - }, - { - "name" : "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml" - }, - { - "name" : "1025969", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml" + }, + { + "name": "1025969", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025969" + }, + { + "name": "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2717.json b/2011/2xxx/CVE-2011-2717.json index d954bfcd3f6..29a4dd0adc8 100644 --- a/2011/2xxx/CVE-2011-2717.json +++ b/2011/2xxx/CVE-2011-2717.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2717", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2717", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2809.json b/2011/2xxx/CVE-2011-2809.json index c909ff11b7b..4395e964363 100644 --- a/2011/2xxx/CVE-2011-2809.json +++ b/2011/2xxx/CVE-2011-2809.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "50066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50066" - }, - { - "name" : "oval:org.mitre.oval:def:16724", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16724" - }, - { - "name" : "apple-unspec-webkit-ce(70502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16724", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16724" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "50066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50066" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + }, + { + "name": "apple-unspec-webkit-ce(70502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70502" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3174.json b/2011/3xxx/CVE-2011-3174.json index cb6d6d2f2e4..dceab687125 100644 --- a/2011/3xxx/CVE-2011-3174.json +++ b/2011/3xxx/CVE-2011-3174.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-319/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-319/" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7009570", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7009570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7009570", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7009570" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-319/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-319/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3204.json b/2011/3xxx/CVE-2011-3204.json index eb0979fca25..2ec0adb266a 100644 --- a/2011/3xxx/CVE-2011-3204.json +++ b/2011/3xxx/CVE-2011-3204.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110826 Security issue in hammerhead", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/26/9" - }, - { - "name" : "[oss-security] 20110830 Re: Security issue in hammerhead", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/30/7" - }, - { - "name" : "https://launchpad.net/bugs/826679", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/826679" - }, - { - "name" : "49548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110830 Re: Security issue in hammerhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/30/7" + }, + { + "name": "[oss-security] 20110826 Security issue in hammerhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/26/9" + }, + { + "name": "49548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49548" + }, + { + "name": "https://launchpad.net/bugs/826679", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/826679" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3502.json b/2011/3xxx/CVE-2011-3502.json index d77b460e1a8..05ee3be96d7 100644 --- a/2011/3xxx/CVE-2011-3502.json +++ b/2011/3xxx/CVE-2011-3502.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/cogent_4-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/cogent_4-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf" + }, + { + "name": "http://aluigi.altervista.org/adv/cogent_4-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/cogent_4-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3513.json b/2011/3xxx/CVE-2011-3513.json index a27ba35b706..071e6ca6aee 100644 --- a/2011/3xxx/CVE-2011-3513.json +++ b/2011/3xxx/CVE-2011-3513.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50217" - }, - { - "name" : "46504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46504" - }, - { - "name" : "oebs-aol-hpages-unspecified(70791)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oebs-aol-hpages-unspecified(70791)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70791" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "46504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46504" + }, + { + "name": "50217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50217" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3989.json b/2011/3xxx/CVE-2011-3989.json index dc615b864c3..d5bf20a9760 100644 --- a/2011/3xxx/CVE-2011-3989.json +++ b/2011/3xxx/CVE-2011-3989.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-3989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#51216285", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN51216285/index.html" - }, - { - "name" : "JVNDB-2011-000086", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000086.html" - }, - { - "name" : "50139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50139" - }, - { - "name" : "dbdmysqlpp-unspecified-sql-injection(70680)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2011-000086", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000086.html" + }, + { + "name": "50139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50139" + }, + { + "name": "dbdmysqlpp-unspecified-sql-injection(70680)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70680" + }, + { + "name": "JVN#51216285", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN51216285/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4220.json b/2011/4xxx/CVE-2011-4220.json index 413e669da12..e2ba46642a4 100644 --- a/2011/4xxx/CVE-2011-4220.json +++ b/2011/4xxx/CVE-2011-4220.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#275036", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/275036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#275036", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/275036" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4424.json b/2011/4xxx/CVE-2011-4424.json index dd117472ee6..2a20d09bbaa 100644 --- a/2011/4xxx/CVE-2011-4424.json +++ b/2011/4xxx/CVE-2011-4424.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4424", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4424", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4527.json b/2011/4xxx/CVE-2011-4527.json index 9ae2ca8b6ad..26d232d06f9 100644 --- a/2011/4xxx/CVE-2011-4527.json +++ b/2011/4xxx/CVE-2011-4527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1090.json b/2013/1xxx/CVE-2013-1090.json index 2b65fd87e5d..d876fa661f5 100644 --- a/2013/1xxx/CVE-2013-1090.json +++ b/2013/1xxx/CVE-2013-1090.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=811369", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=811369" - }, - { - "name" : "openSUSE-SU-2013:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00025.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=811369", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=811369" + }, + { + "name": "openSUSE-SU-2013:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1166.json b/2013/1xxx/CVE-2013-1166.json index d7b1d63f609..9c0410b8891 100644 --- a/2013/1xxx/CVE-2013-1166.json +++ b/2013/1xxx/CVE-2013-1166.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130410 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130410 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1888.json b/2013/1xxx/CVE-2013-1888.json index 929613fcf11..ef71553af26 100644 --- a/2013/1xxx/CVE-2013-1888.json +++ b/2013/1xxx/CVE-2013-1888.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130322 Re: CVE Request: python-pip insecure temporary directory handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/22/10" - }, - { - "name" : "https://github.com/pypa/pip/issues/725", - "refsource" : "CONFIRM", - "url" : "https://github.com/pypa/pip/issues/725" - }, - { - "name" : "https://github.com/pypa/pip/pull/734/files", - "refsource" : "CONFIRM", - "url" : "https://github.com/pypa/pip/pull/734/files" - }, - { - "name" : "https://github.com/pypa/pip/pull/780/files", - "refsource" : "CONFIRM", - "url" : "https://github.com/pypa/pip/pull/780/files" - }, - { - "name" : "FEDORA-2013-8166", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html" - }, - { - "name" : "FEDORA-2013-8193", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html" - }, - { - "name" : "FEDORA-2013-8221", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130322 Re: CVE Request: python-pip insecure temporary directory handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/22/10" + }, + { + "name": "FEDORA-2013-8221", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html" + }, + { + "name": "https://github.com/pypa/pip/pull/734/files", + "refsource": "CONFIRM", + "url": "https://github.com/pypa/pip/pull/734/files" + }, + { + "name": "https://github.com/pypa/pip/pull/780/files", + "refsource": "CONFIRM", + "url": "https://github.com/pypa/pip/pull/780/files" + }, + { + "name": "FEDORA-2013-8193", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html" + }, + { + "name": "https://github.com/pypa/pip/issues/725", + "refsource": "CONFIRM", + "url": "https://github.com/pypa/pip/issues/725" + }, + { + "name": "FEDORA-2013-8166", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5342.json b/2013/5xxx/CVE-2013-5342.json index 488f6d18e46..7984b91b0d0 100644 --- a/2013/5xxx/CVE-2013-5342.json +++ b/2013/5xxx/CVE-2013-5342.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5342", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5342", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5475.json b/2013/5xxx/CVE-2013-5475.json index d3ee5cb45b3..ff0d488d59a 100644 --- a/2013/5xxx/CVE-2013-5475.json +++ b/2013/5xxx/CVE-2013-5475.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130925 Cisco IOS Software DHCP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130925 Cisco IOS Software DHCP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5532.json b/2013/5xxx/CVE-2013-5532.json index 0d3c9fd037d..d81cb7c63d2 100644 --- a/2013/5xxx/CVE-2013-5532.json +++ b/2013/5xxx/CVE-2013-5532.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131010 Cisco 9900 Series Phone webapp Buffer Overflow Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5532" - }, - { - "name" : "62944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62944" - }, - { - "name" : "98338", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98338" - }, - { - "name" : "55275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62944" + }, + { + "name": "20131010 Cisco 9900 Series Phone webapp Buffer Overflow Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5532" + }, + { + "name": "98338", + "refsource": "OSVDB", + "url": "http://osvdb.org/98338" + }, + { + "name": "55275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55275" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5719.json b/2013/5xxx/CVE-2013-5719.json index c8c0e8c996b..04197fb2603 100644 --- a/2013/5xxx/CVE-2013-5719.json +++ b/2013/5xxx/CVE-2013-5719.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51196", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51196" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9020", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9020" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2013-56.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2013-56.html" - }, - { - "name" : "openSUSE-SU-2013:1481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00050.html" - }, - { - "name" : "openSUSE-SU-2013:1483", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00052.html" - }, - { - "name" : "oval:org.mitre.oval:def:18707", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18707" - }, - { - "name" : "55022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00050.html" + }, + { + "name": "oval:org.mitre.oval:def:18707", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18707" + }, + { + "name": "55022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55022" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51196", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51196" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9020", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9020" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2013-56.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2013-56.html" + }, + { + "name": "openSUSE-SU-2013:1483", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00052.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5885.json b/2013/5xxx/CVE-2013-5885.json index 790a6710010..a2ba63b2e53 100644 --- a/2013/5xxx/CVE-2013-5885.json +++ b/2013/5xxx/CVE-2013-5885.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64876" - }, - { - "name" : "102056", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102056" - }, - { - "name" : "oracle-cpujan2014-cve20135885(90366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64876" + }, + { + "name": "102056", + "refsource": "OSVDB", + "url": "http://osvdb.org/102056" + }, + { + "name": "oracle-cpujan2014-cve20135885(90366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90366" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2050.json b/2014/2xxx/CVE-2014-2050.json index 7d2a408c4bc..f35aafc3b96 100644 --- a/2014/2xxx/CVE-2014-2050.json +++ b/2014/2xxx/CVE-2014-2050.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2050", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2050", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2347.json b/2014/2xxx/CVE-2014-2347.json index 533b341ed7e..daf484e0574 100644 --- a/2014/2xxx/CVE-2014-2347.json +++ b/2014/2xxx/CVE-2014-2347.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01" - }, - { - "name" : "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf", - "refsource" : "MISC", - "url" : "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01" + }, + { + "name": "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf", + "refsource": "MISC", + "url": "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2727.json b/2014/2xxx/CVE-2014-2727.json index 022c7655e30..c60c0da0ec6 100644 --- a/2014/2xxx/CVE-2014-2727.json +++ b/2014/2xxx/CVE-2014-2727.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2727", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2727", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6607.json b/2014/6xxx/CVE-2014-6607.json index 05964e24b49..fd32f5d069d 100644 --- a/2014/6xxx/CVE-2014-6607.json +++ b/2014/6xxx/CVE-2014-6607.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34718", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34718" - }, - { - "name" : "20140919 M/Monit - Account hijacking via CSRF", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/71" - }, - { - "name" : "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140919 M/Monit - Account hijacking via CSRF", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/71" + }, + { + "name": "34718", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34718" + }, + { + "name": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6974.json b/2014/6xxx/CVE-2014-6974.json index 6b451949b64..e602a9d176a 100644 --- a/2014/6xxx/CVE-2014-6974.json +++ b/2014/6xxx/CVE-2014-6974.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#827401", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/827401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#827401", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/827401" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0291.json b/2017/0xxx/CVE-2017-0291.json index 2624bed6c33..c658e644609 100644 --- a/2017/0xxx/CVE-2017-0291.json +++ b/2017/0xxx/CVE-2017-0291.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows PDF", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka \"Windows PDF Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0292." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows PDF", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0291", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0291" - }, - { - "name" : "98835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka \"Windows PDF Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0292." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0291", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0291" + }, + { + "name": "98835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98835" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0303.json b/2017/0xxx/CVE-2017-0303.json index 44226687f1b..c8e89d626ce 100644 --- a/2017/0xxx/CVE-2017-0303.json +++ b/2017/0xxx/CVE-2017-0303.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-10-26T00:00:00", - "ID" : "CVE-2017-0303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.0.0 - 12.1.2" - }, - { - "version_value" : "11.5.1 - 11.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-10-26T00:00:00", + "ID": "CVE-2017-0303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.0.0 - 12.1.2" + }, + { + "version_value": "11.5.1 - 11.6.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K30201296", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K30201296" - }, - { - "name" : "101612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101612" - }, - { - "name" : "1039674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K30201296", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K30201296" + }, + { + "name": "101612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101612" + }, + { + "name": "1039674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039674" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0384.json b/2017/0xxx/CVE-2017-0384.json index 5e4e4e67cd0..665f9f03f20 100644 --- a/2017/0xxx/CVE-2017-0384.json +++ b/2017/0xxx/CVE-2017-0384.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe" + }, + { + "name": "95239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95239" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0692.json b/2017/0xxx/CVE-2017-0692.json index 133ccc1f93f..23cb3f20e80 100644 --- a/2017/0xxx/CVE-2017-0692.json +++ b/2017/0xxx/CVE-2017-0692.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99478" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0863.json b/2017/0xxx/CVE-2017-0863.json index 05817ee199d..beda27d82bc 100644 --- a/2017/0xxx/CVE-2017-0863.json +++ b/2017/0xxx/CVE-2017-0863.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0937.json b/2017/0xxx/CVE-2017-0937.json index dbf4364fe88..826c714e486 100644 --- a/2017/0xxx/CVE-2017-0937.json +++ b/2017/0xxx/CVE-2017-0937.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000085.json b/2017/1000xxx/CVE-2017-1000085.json index 3786baa7a9e..63bf5d9e4b4 100644 --- a/2017/1000xxx/CVE-2017-1000085.json +++ b/2017/1000xxx/CVE-2017-1000085.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.308514", - "ID" : "CVE-2017-1000085", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Subversion Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.8 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Subversion Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CSRF, Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.308514", + "ID": "CVE-2017-1000085", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-07-10/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-07-10/" - }, - { - "name" : "99574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99574" + }, + { + "name": "https://jenkins.io/security/advisory/2017-07-10/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-07-10/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16142.json b/2017/16xxx/CVE-2017-16142.json index da0ddeec9c2..aa968c6aa28 100644 --- a/2017/16xxx/CVE-2017-16142.json +++ b/2017/16xxx/CVE-2017-16142.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "infraserver node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "infraserver node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/infraserver", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/infraserver" - }, - { - "name" : "https://nodesecurity.io/advisories/471", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/471", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/471" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/infraserver", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/infraserver" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16273.json b/2017/16xxx/CVE-2017-16273.json index 97c2d6014bb..8ebe909ba15 100644 --- a/2017/16xxx/CVE-2017-16273.json +++ b/2017/16xxx/CVE-2017-16273.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16273", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16273", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16778.json b/2017/16xxx/CVE-2017-16778.json index 782cb39e1cb..2e2b17de5b7 100644 --- a/2017/16xxx/CVE-2017-16778.json +++ b/2017/16xxx/CVE-2017-16778.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16778", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16778", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1040.json b/2017/1xxx/CVE-2017-1040.json index d0da3a6e89f..6d1c8331cc5 100644 --- a/2017/1xxx/CVE-2017-1040.json +++ b/2017/1xxx/CVE-2017-1040.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1040", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1040", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1336.json b/2017/1xxx/CVE-2017-1336.json index 017328bedc4..05db163fac2 100644 --- a/2017/1xxx/CVE-2017-1336.json +++ b/2017/1xxx/CVE-2017-1336.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-05T00:00:00", - "ID" : "CVE-2017-1336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigInsights", - "version" : { - "version_data" : [ - { - "version_value" : "4.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-05T00:00:00", + "ID": "CVE-2017-1336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigInsights", + "version": { + "version_data": [ + { + "version_value": "4.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126244", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126244" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010812", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010812" - }, - { - "name" : "102061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126244", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126244" + }, + { + "name": "102061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102061" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010812", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010812" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1533.json b/2017/1xxx/CVE-2017-1533.json index dc0eef5755e..255d73e211f 100644 --- a/2017/1xxx/CVE-2017-1533.json +++ b/2017/1xxx/CVE-2017-1533.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-05T00:00:00", - "ID" : "CVE-2017-1533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.3" - }, - { - "version_value" : "9.0.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-05T00:00:00", + "ID": "CVE-2017-1533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0.3" + }, + { + "version_value": "9.0.3.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130675", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130675" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012327", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012327" - }, - { - "name" : "102496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102496" - }, - { - "name" : "1040168", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040168", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040168" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130675", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130675" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012327", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012327" + }, + { + "name": "102496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102496" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1782.json b/2017/1xxx/CVE-2017-1782.json index a5e23a03b74..15cb1416861 100644 --- a/2017/1xxx/CVE-2017-1782.json +++ b/2017/1xxx/CVE-2017-1782.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1782", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1782", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4096.json b/2017/4xxx/CVE-2017-4096.json index d4a0a6ea360..b1b5fdf8fd6 100644 --- a/2017/4xxx/CVE-2017-4096.json +++ b/2017/4xxx/CVE-2017-4096.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4096", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4096", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4267.json b/2017/4xxx/CVE-2017-4267.json index 4192930b4f6..8d63360b1ef 100644 --- a/2017/4xxx/CVE-2017-4267.json +++ b/2017/4xxx/CVE-2017-4267.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4267", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4267", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4527.json b/2017/4xxx/CVE-2017-4527.json index 15ccb93dcc6..8788b50bdad 100644 --- a/2017/4xxx/CVE-2017-4527.json +++ b/2017/4xxx/CVE-2017-4527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4527", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4527", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4955.json b/2017/4xxx/CVE-2017-4955.json index 45989e5b243..56fa839e3df 100644 --- a/2017/4xxx/CVE-2017-4955.json +++ b/2017/4xxx/CVE-2017-4955.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PCF Elastic Runtime", - "version" : { - "version_data" : [ - { - "version_value" : "PCF Elastic Runtime" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Credentials in Elastic Runtime Notifications errand log" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PCF Elastic Runtime", + "version": { + "version_data": [ + { + "version_value": "PCF Elastic Runtime" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2017-4955", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2017-4955" - }, - { - "name" : "97082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Credentials in Elastic Runtime Notifications errand log" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2017-4955", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2017-4955" + }, + { + "name": "97082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97082" + } + ] + } +} \ No newline at end of file