From edeb5d5e430cc52a2120030b0b3fd9a520418536 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:47:03 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2558.json | 180 ++++++++--------- 2006/2xxx/CVE-2006-2607.json | 300 +++++++++++++-------------- 2006/2xxx/CVE-2006-2933.json | 170 ++++++++-------- 2006/3xxx/CVE-2006-3385.json | 170 ++++++++-------- 2006/3xxx/CVE-2006-3598.json | 150 +++++++------- 2006/3xxx/CVE-2006-3755.json | 140 ++++++------- 2006/4xxx/CVE-2006-4084.json | 120 +++++------ 2006/4xxx/CVE-2006-4271.json | 170 ++++++++-------- 2006/4xxx/CVE-2006-4847.json | 170 ++++++++-------- 2006/4xxx/CVE-2006-4889.json | 360 ++++++++++++++++----------------- 2006/6xxx/CVE-2006-6104.json | 310 ++++++++++++++-------------- 2006/6xxx/CVE-2006-6151.json | 140 ++++++------- 2006/6xxx/CVE-2006-6181.json | 170 ++++++++-------- 2006/6xxx/CVE-2006-6592.json | 150 +++++++------- 2006/7xxx/CVE-2006-7131.json | 150 +++++++------- 2010/2xxx/CVE-2010-2313.json | 180 ++++++++--------- 2010/2xxx/CVE-2010-2607.json | 34 ++-- 2010/2xxx/CVE-2010-2877.json | 170 ++++++++-------- 2011/0xxx/CVE-2011-0066.json | 190 ++++++++--------- 2011/0xxx/CVE-2011-0155.json | 180 ++++++++--------- 2011/0xxx/CVE-2011-0389.json | 150 +++++++------- 2011/0xxx/CVE-2011-0493.json | 170 ++++++++-------- 2011/0xxx/CVE-2011-0834.json | 120 +++++------ 2011/0xxx/CVE-2011-0842.json | 34 ++-- 2011/1xxx/CVE-2011-1737.json | 150 +++++++------- 2011/3xxx/CVE-2011-3570.json | 120 +++++------ 2011/3xxx/CVE-2011-3799.json | 140 ++++++------- 2011/4xxx/CVE-2011-4420.json | 34 ++-- 2011/4xxx/CVE-2011-4856.json | 130 ++++++------ 2011/4xxx/CVE-2011-4977.json | 34 ++-- 2011/5xxx/CVE-2011-5320.json | 170 ++++++++-------- 2014/2xxx/CVE-2014-2172.json | 120 +++++------ 2014/2xxx/CVE-2014-2327.json | 200 +++++++++--------- 2014/2xxx/CVE-2014-2459.json | 120 +++++------ 2014/2xxx/CVE-2014-2476.json | 130 ++++++------ 2014/2xxx/CVE-2014-2729.json | 140 ++++++------- 2014/3xxx/CVE-2014-3950.json | 34 ++-- 2014/6xxx/CVE-2014-6126.json | 150 +++++++------- 
2014/6xxx/CVE-2014-6138.json | 140 ++++++------- 2014/6xxx/CVE-2014-6584.json | 130 ++++++------ 2014/6xxx/CVE-2014-6725.json | 140 ++++++------- 2014/7xxx/CVE-2014-7307.json | 140 ++++++------- 2014/7xxx/CVE-2014-7485.json | 140 ++++++------- 2017/0xxx/CVE-2017-0537.json | 140 ++++++------- 2017/0xxx/CVE-2017-0617.json | 130 ++++++------ 2017/18xxx/CVE-2017-18321.json | 130 ++++++------ 2017/18xxx/CVE-2017-18362.json | 140 ++++++------- 2017/1xxx/CVE-2017-1105.json | 168 +++++++-------- 2017/1xxx/CVE-2017-1210.json | 138 ++++++------- 2017/1xxx/CVE-2017-1805.json | 34 ++-- 2017/5xxx/CVE-2017-5080.json | 170 ++++++++-------- 2017/5xxx/CVE-2017-5449.json | 246 +++++++++++----------- 2017/5xxx/CVE-2017-5562.json | 34 ++-- 2017/5xxx/CVE-2017-5615.json | 140 ++++++------- 54 files changed, 3955 insertions(+), 3955 deletions(-) diff --git a/2006/2xxx/CVE-2006-2558.json b/2006/2xxx/CVE-2006-2558.json index 71d3a3d7977..3e783ee071f 100644 --- a/2006/2xxx/CVE-2006-2558.json +++ b/2006/2xxx/CVE-2006-2558.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060522 IpLogger <= 1.7 XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434822/100/0/threaded" - }, - { - "name" : "20060523 Re: IpLogger <= 1.7 XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435005/30/4740/threaded" - }, - { - "name" : "18086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18086" - }, - { - "name" : "ADV-2006-1937", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1937" - }, - { - "name" : "1016147", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016147" - }, - { - "name" : "20246", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/20246" - }, - { - "name" : "iplogger-headers-xss(26643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20246" + }, + { + "name": "20060523 Re: IpLogger <= 1.7 XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435005/30/4740/threaded" + }, + { + "name": "iplogger-headers-xss(26643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26643" + }, + { + "name": "1016147", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016147" + }, + { + "name": "ADV-2006-1937", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1937" + }, + { + "name": "18086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18086" + }, + { + "name": "20060522 IpLogger <= 1.7 XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434822/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2607.json b/2006/2xxx/CVE-2006-2607.json index 2e5f903eb2c..28f24806369 100644 --- a/2006/2xxx/CVE-2006-2607.json +++ b/2006/2xxx/CVE-2006-2607.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060525 rPSA-2006-0082-1 vixie-cron", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435033/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=134194", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=134194" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178431", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178431" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-168.htm", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/elmodocs2/security/ASA-2006-168.htm" - }, - { - "name" : "GLSA-200606-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200606-07.xml" - }, - { - "name" : "RHSA-2006:0539", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0539.html" - }, - { - "name" : "SUSE-SA:2006:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-32.html" - }, - { - "name" : "USN-778-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/778-1/" - }, - { - "name" : "18108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18108" - }, - { - "name" : "oval:org.mitre.oval:def:10213", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10213" - }, - { - "name" : "35318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35318" - }, - { - "name" : "ADV-2006-2075", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2075" - }, - { - "name" : "1016480", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016480" - }, - { - "name" : "20380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20380" - }, - { - "name" : "20388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20388" - }, - { - "name" : "20616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20616" - }, - { - "name" : "21032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21032" - }, - { - "name" : "21702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21702" - }, - { - "name" : "vixie-cron-docommand-gain-privilege(26691)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060525 rPSA-2006-0082-1 vixie-cron", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435033/100/0/threaded" + }, + { + "name": "ADV-2006-2075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2075" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178431", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178431" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-168.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-168.htm" + }, + { + "name": "18108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18108" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=134194", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=134194" + }, + { + "name": "20388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20388" + }, + { + "name": "1016480", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016480" + }, + { + "name": "USN-778-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/778-1/" + }, + { + "name": "SUSE-SA:2006:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-32.html" + }, + { + "name": "35318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35318" + }, + { + 
"name": "21032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21032" + }, + { + "name": "GLSA-200606-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200606-07.xml" + }, + { + "name": "oval:org.mitre.oval:def:10213", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10213" + }, + { + "name": "vixie-cron-docommand-gain-privilege(26691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26691" + }, + { + "name": "RHSA-2006:0539", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0539.html" + }, + { + "name": "20616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20616" + }, + { + "name": "21702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21702" + }, + { + "name": "20380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20380" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2933.json b/2006/2xxx/CVE-2006-2933.json index ed39fb1e7ec..1e9d8bf698e 100644 --- a/2006/2xxx/CVE-2006-2933.json +++ b/2006/2xxx/CVE-2006-2933.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177755", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177755" - }, - { - "name" : "RHSA-2006:0576", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0576.html" - }, - { - "name" : "19152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19152" - }, - { - "name" : "oval:org.mitre.oval:def:10535", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10535" - }, - { - "name" : "1016571", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016571" - }, - { - "name" : 
"21203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21203" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177755", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177755" + }, + { + "name": "RHSA-2006:0576", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0576.html" + }, + { + "name": "1016571", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016571" + }, + { + "name": "oval:org.mitre.oval:def:10535", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10535" + }, + { + "name": "19152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19152" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3385.json b/2006/3xxx/CVE-2006-3385.json index f1330ac5b5e..4b3e46584d1 100644 --- a/2006/3xxx/CVE-2006-3385.json +++ b/2006/3xxx/CVE-2006-3385.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060629 News <= 5.2 XSS, SQL Injection, Full Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438859/100/0/threaded" - }, - { - "name" : "http://www.acid-root.new.fr/advisories/news52.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/news52.txt" - }, - { - "name" : "18775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18775" - }, - { - "name" : "ADV-2006-2642", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2642" - }, - { - "name" : "20936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20936" - }, - { - "name" : "vlcnews-divers-xss(27505)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vlcnews-divers-xss(27505)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27505" + }, + { + "name": "20060629 News <= 5.2 XSS, SQL Injection, Full Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438859/100/0/threaded" + }, + { + "name": "ADV-2006-2642", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2642" + }, + { + "name": "20936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20936" + }, + { + "name": "18775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18775" + }, + { + "name": "http://www.acid-root.new.fr/advisories/news52.txt", + "refsource": "MISC", + "url": "http://www.acid-root.new.fr/advisories/news52.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3598.json b/2006/3xxx/CVE-2006-3598.json index 409ebf84780..8540020964e 100644 --- a/2006/3xxx/CVE-2006-3598.json +++ b/2006/3xxx/CVE-2006-3598.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060628 PHP-Nuke Module's Name Sections<<--V3 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438596/100/200/threaded" - }, - { - "name" : "5154", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5154" - }, - { - "name" : "27879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27879" - }, - { - "name" : "phpnuke-module-sqlinjection(27501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Sections module for 
PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060628 PHP-Nuke Module's Name Sections<<--V3 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438596/100/200/threaded" + }, + { + "name": "phpnuke-module-sqlinjection(27501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501" + }, + { + "name": "27879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27879" + }, + { + "name": "5154", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5154" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3755.json b/2006/3xxx/CVE-2006-3755.json index 5608b9c2df8..2d287bc5b3f 100644 --- a/2006/3xxx/CVE-2006-3755.json +++ b/2006/3xxx/CVE-2006-3755.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-2822", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2822" - }, - { - "name" : "21090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21090" - }, - { - "name" : "flushcms-classpath-file-include(27751)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 
1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21090" + }, + { + "name": "flushcms-classpath-file-include(27751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27751" + }, + { + "name": "ADV-2006-2822", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2822" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4084.json b/2006/4xxx/CVE-2006-4084.json index c16820e37b7..d8c0041a185 100644 --- a/2006/4xxx/CVE-2006-4084.json +++ b/2006/4xxx/CVE-2006-4084.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to \"a potential security exploit which is critical.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dwalker.co.uk/forum/viewtopic.php?t=516", - "refsource" : "CONFIRM", - "url" : "http://dwalker.co.uk/forum/viewtopic.php?t=516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to \"a potential security exploit which is critical.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dwalker.co.uk/forum/viewtopic.php?t=516", + "refsource": "CONFIRM", + 
"url": "http://dwalker.co.uk/forum/viewtopic.php?t=516" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4271.json b/2006/4xxx/CVE-2006-4271.json index ad3e0e09db1..c1477fcfd24 100644 --- a/2006/4xxx/CVE-2006-4271.json +++ b/2006/4xxx/CVE-2006-4271.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying \"The default vBulletin requires authentication prior to the usage of the upgrade system.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060705 vBulletin 3.5.4 (install_path) Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html" - }, - { - "name" : "20060705 Re: vBulletin 3.5.4 (install_path) Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html" - }, - { - "name" : "20060708 Re: Re: vBulletin 3.5.4 (install_path) Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html" - }, - { - "name" : "20060711 RE: Re: vBulletin 3.5.4 
(install_path) Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html" - }, - { - "name" : "http://www.pldsoft.com/forum/showthread.php?t=1340", - "refsource" : "MISC", - "url" : "http://www.pldsoft.com/forum/showthread.php?t=1340" - }, - { - "name" : "28210", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying \"The default vBulletin requires authentication prior to the usage of the upgrade system.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060705 Re: vBulletin 3.5.4 (install_path) Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html" + }, + { + "name": "20060711 RE: Re: vBulletin 3.5.4 (install_path) Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html" + }, + { + "name": "20060708 Re: Re: vBulletin 3.5.4 (install_path) Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html" + }, + { + "name": "20060705 vBulletin 3.5.4 (install_path) Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html" + }, + { + "name": "http://www.pldsoft.com/forum/showthread.php?t=1340", + "refsource": "MISC", + "url": "http://www.pldsoft.com/forum/showthread.php?t=1340" + }, + { + "name": "28210", + "refsource": "OSVDB", + 
"url": "http://www.osvdb.org/28210" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4847.json b/2006/4xxx/CVE-2006-4847.json index 4bc1a4e625f..cf7ec3bdf2f 100644 --- a/2006/4xxx/CVE-2006-4847.json +++ b/2006/4xxx/CVE-2006-4847.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp", - "refsource" : "CONFIRM", - "url" : "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp" - }, - { - "name" : "20076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20076" - }, - { - "name" : "ADV-2006-3655", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3655" - }, - { - "name" : "28939", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28939" - }, - { - "name" : "21932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21932" - }, - { - "name" : "wsftp-xcrc-xsha1-xmd5-bo(28983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21932" + }, + { + "name": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp", + "refsource": "CONFIRM", + "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp" + }, + { + "name": "ADV-2006-3655", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3655" + }, + { + "name": "wsftp-xcrc-xsha1-xmd5-bo(28983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983" + }, + { + "name": "28939", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28939" + }, + { + "name": "20076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20076" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4889.json b/2006/4xxx/CVE-2006-4889.json index eeae8e9dd17..cc00fc0221e 100644 --- a/2006/4xxx/CVE-2006-4889.json +++ b/2006/4xxx/CVE-2006-4889.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060913 Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446086/100/0/threaded" - }, - { - "name" : "http://www.telekorn.com/forum/showthread.php?t=1427", - "refsource" : "CONFIRM", - "url" : "http://www.telekorn.com/forum/showthread.php?t=1427" - }, - { - "name" : "19977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19977" - }, - { - "name" : "32199", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32199" - }, - { - "name" : "32200", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32200" - }, - { - "name" : "32201", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32201" - }, - { - "name" : "32202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32202" - }, - { - "name" : "32203", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32203" - }, - { - "name" : "32204", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32204" - }, - { - "name" : "32205", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32205" - }, - { - "name" : "32206", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32206" - }, - { - "name" : "32207", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32207" - }, - { - "name" : "32208", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32208" - }, - { - "name" : "32209", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/32209" - }, - { - "name" : "32210", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32210" - }, - { - "name" : "32211", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32211" - }, - { - "name" : "32212", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32212" - }, - { - "name" : "32213", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32213" - }, - { - "name" : "32214", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32214" - }, - { - "name" : "32215", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32215" - }, - { - "name" : "32216", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32216" - }, - { - "name" : "32217", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32217" - }, - { - "name" : "32218", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32218" - }, - { - "name" : "1619", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1619" - }, - { - "name" : "signkorn-log-file-include(28888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32201", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32201" + }, + { + "name": "32218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32218" + }, + { + "name": "32205", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32205" + }, + { + "name": "32217", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32217" + }, + { + "name": "32211", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32211" + }, + { + "name": "signkorn-log-file-include(28888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28888" + }, + { + "name": "32214", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32214" + }, + { + "name": "32206", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32206" + }, + { + "name": "20060913 Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446086/100/0/threaded" + }, + { + "name": "http://www.telekorn.com/forum/showthread.php?t=1427", + "refsource": "CONFIRM", + "url": "http://www.telekorn.com/forum/showthread.php?t=1427" + }, + { + "name": "32215", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32215" + }, + { + "name": "32200", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32200" + }, + { + "name": "32204", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32204" + }, + { + "name": "32208", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32208" + }, + { + "name": "32203", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32203" + }, + { + "name": "32207", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32207" + }, + { + "name": "32199", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32199" + }, + { + "name": "32202", + "refsource": "OSVDB", + 
"url": "http://www.osvdb.org/32202" + }, + { + "name": "32210", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32210" + }, + { + "name": "32212", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32212" + }, + { + "name": "19977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19977" + }, + { + "name": "32213", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32213" + }, + { + "name": "32209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32209" + }, + { + "name": "1619", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1619" + }, + { + "name": "32216", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32216" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6104.json b/2006/6xxx/CVE-2006-6104.json index 9192613c628..cef3d619c45 100644 --- a/2006/6xxx/CVE-2006-6104.json +++ b/2006/6xxx/CVE-2006-6104.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-6104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061220 Mono XSP ASP.NET Server sourcecode disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454962/100/0/threaded" - }, - { - "name" : "http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html" - }, - { - "name" : "FEDORA-2007-067", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2400" - }, - { - "name" : "FEDORA-2007-068", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2401" - }, - { - "name" : "GLSA-200701-12", - 
"refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-12.xml" - }, - { - "name" : "MDKSA-2006:234", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:234" - }, - { - "name" : "SUSE-SA:2007:002", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html" - }, - { - "name" : "USN-397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-397-1" - }, - { - "name" : "21687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21687" - }, - { - "name" : "ADV-2006-5099", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5099" - }, - { - "name" : "oval:org.mitre.oval:def:2092", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2092" - }, - { - "name" : "1017430", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017430" - }, - { - "name" : "23432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23432" - }, - { - "name" : "23435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23435" - }, - { - "name" : "23462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23462" - }, - { - "name" : "23597", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23597" - }, - { - "name" : "23727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23727" - }, - { - "name" : "23776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23776" - }, - { - "name" : "23779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23779" - }, - { - "name" : "2082", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200701-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-12.xml" + }, + { + "name": "23597", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23597" + }, + { + "name": "ADV-2006-5099", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5099" + }, + { + "name": "SUSE-SA:2007:002", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html" + }, + { + "name": "2082", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2082" + }, + { + "name": "oval:org.mitre.oval:def:2092", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2092" + }, + { + "name": "20061220 Mono XSP ASP.NET Server sourcecode disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454962/100/0/threaded" + }, + { + "name": "1017430", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017430" + }, + { + "name": "FEDORA-2007-067", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2400" + }, + { + "name": "23462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23462" + }, + { + "name": "23727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23727" + }, + { + "name": "23779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23779" + }, + { + "name": "MDKSA-2006:234", + "refsource": 
"MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:234" + }, + { + "name": "23776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23776" + }, + { + "name": "21687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21687" + }, + { + "name": "http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html", + "refsource": "MISC", + "url": "http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html" + }, + { + "name": "23435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23435" + }, + { + "name": "23432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23432" + }, + { + "name": "FEDORA-2007-068", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2401" + }, + { + "name": "USN-397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-397-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6151.json b/2006/6xxx/CVE-2006-6151.json index c53ec444c01..74c4bd6df7f 100644 --- a/2006/6xxx/CVE-2006-6151.json +++ b/2006/6xxx/CVE-2006-6151.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21267" - }, - { - "name" : "ADV-2006-4684", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4684" - }, - { - "name" : "23081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL 
in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21267" + }, + { + "name": "23081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23081" + }, + { + "name": "ADV-2006-4684", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4684" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6181.json b/2006/6xxx/CVE-2006-6181.json index 170af063834..bc221303c17 100644 --- a/2006/6xxx/CVE-2006-6181.json +++ b/2006/6xxx/CVE-2006-6181.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061126 ClickContact SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452825/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=51", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=51" - }, - { - "name" : "21302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21302" - }, - { - "name" : "ADV-2006-4741", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4741" - }, - { - "name" : "23119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23119" - }, - { - "name" : "clickcontact-default-sql-injection(30534)", - "refsource" : "XF", - "url" 
: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21302" + }, + { + "name": "clickcontact-default-sql-injection(30534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30534" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=51", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=51" + }, + { + "name": "23119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23119" + }, + { + "name": "20061126 ClickContact SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452825/100/0/threaded" + }, + { + "name": "ADV-2006-4741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4741" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6592.json b/2006/6xxx/CVE-2006-6592.json index 83ae664a451..ac7a79320dd 100644 --- a/2006/6xxx/CVE-2006-6592.json +++ b/2006/6xxx/CVE-2006-6592.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 Bloq 0.5.4 Remote File İnclude", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448603/100/0/threaded" - }, - { - "name" : "20512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20512" - }, - { - "name" : "2039", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2039" - }, - { - "name" : "bloq-multiple-file-include(29585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2039", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2039" + }, + { + "name": "20061012 Bloq 0.5.4 Remote File İnclude", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448603/100/0/threaded" + }, + { + "name": "20512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20512" + }, + { + "name": "bloq-multiple-file-include(29585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29585" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7131.json b/2006/7xxx/CVE-2006-7131.json index 09f40583323..a1ef13e9281 100644 --- a/2006/7xxx/CVE-2006-7131.json +++ b/2006/7xxx/CVE-2006-7131.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061014 Jinzora 2.6 - Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448703/100/0/threaded" - }, - { - "name" : "2558", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2558" - }, - { - "name" : "2352", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2352" - }, - { - "name" : "jinzora-extras-file-include(29556)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in extras/mt.php in 
Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2352", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2352" + }, + { + "name": "2558", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2558" + }, + { + "name": "jinzora-extras-file-include(29556)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29556" + }, + { + "name": "20061014 Jinzora 2.6 - Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448703/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2313.json b/2010/2xxx/CVE-2010-2313.json index ba081d0e441..a126285880d 100644 --- a/2010/2xxx/CVE-2010-2313.json +++ b/2010/2xxx/CVE-2010-2313.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1006-exploits/simm-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/simm-lfi.txt" - }, - { - "name" : "http://www.exploit-db.com/exploits/12848/", - "refsource" : "MISC", - "url" : "http://www.exploit-db.com/exploits/12848/" - }, - { - "name" : "40543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40543" - }, - { - "name" : "65084", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65084" - }, - { - "name" : "40009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40009" - }, - { - "name" : 
"ADV-2010-1330", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1330" - }, - { - "name" : "anodynesimm-index-file-include(59063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "anodynesimm-index-file-include(59063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59063" + }, + { + "name": "ADV-2010-1330", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1330" + }, + { + "name": "40543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40543" + }, + { + "name": "http://www.exploit-db.com/exploits/12848/", + "refsource": "MISC", + "url": "http://www.exploit-db.com/exploits/12848/" + }, + { + "name": "40009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40009" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/simm-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/simm-lfi.txt" + }, + { + "name": "65084", + "refsource": "OSVDB", + "url": "http://osvdb.org/65084" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2607.json b/2010/2xxx/CVE-2010-2607.json index fe8a607118c..39e69ac6599 100644 --- a/2010/2xxx/CVE-2010-2607.json 
+++ b/2010/2xxx/CVE-2010-2607.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2607", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2607", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2877.json b/2010/2xxx/CVE-2010-2877.json index 07990f39489..6db79e485e5 100644 --- a/2010/2xxx/CVE-2010-2877.json +++ b/2010/2xxx/CVE-2010-2877.json 
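Review bot: The new side ends with `\ No newline at end of file`, so the record loses the terminating newline the old file had. For this RESERVED record, that and the `"key" : value` to `"key": value` spacing are the only visible changes. The other records in this commit carry the same marker. Writing a final newline after the closing `}` keeps the files usable with line-oriented tools and keeps the marker out of later diffs.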
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100824 TPTI-10-09: Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513296/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-09", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-09" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" - }, - { - "name" : "oval:org.mitre.oval:def:11895", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11895" - }, - { - "name" : "1024361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024361" - }, - { - "name" : "ADV-2010-2176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024361" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-09", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-09" + }, + { + "name": "20100824 TPTI-10-09: Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513296/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:11895", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11895" + }, + { + "name": "ADV-2010-2176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2176" + } + ] + } +} \ No newline at end of file 
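Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `psirt@adobe.com` on the new side, and it is the only field in this record whose value changes. It is easy to miss because every line is rewritten for colon spacing and the references are reshuffled. The same kind of ASSIGNER change is buried in CVE-2011-0155, CVE-2011-0389, CVE-2011-0834, CVE-2011-1737 and CVE-2011-3570. Consumers that read ASSIGNER for provenance or CNA attribution would be better served if the reformat and the attribution change landed as separate commits, with a subject naming the field, e.g. `Update ASSIGNER to the owning CNA`, instead of `"-Synchronized-Data."`.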
diff --git a/2011/0xxx/CVE-2011-0066.json b/2011/0xxx/CVE-2011-0066.json index 153f09a3051..408e12c69b9 100644 --- a/2011/0xxx/CVE-2011-0066.json +++ b/2011/0xxx/CVE-2011-0066.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=634983", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=634983" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - "name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "oval:org.mitre.oval:def:13970", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "oval:org.mitre.oval:def:13970", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13970" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=634983", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=634983" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0155.json b/2011/0xxx/CVE-2011-0155.json index 516cb16f2fd..42573369cd7 100644 --- a/2011/0xxx/CVE-2011-0155.json +++ b/2011/0xxx/CVE-2011-0155.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - 
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:17299", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "oval:org.mitre.oval:def:17299", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17299" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + 
"refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0389.json b/2011/0xxx/CVE-2011-0389.json index 6144f8f367d..951e5aae301 100644 --- a/2011/0xxx/CVE-2011-0389.json +++ b/2011/0xxx/CVE-2011-0389.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml" - }, - { - "name" : "46520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46520" - }, - { - "name" : "1025113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025113" - }, - { - "name" : "cisco-multipoint-rtpc-dos(65622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-multipoint-rtpc-dos(65622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65622" + }, + { + "name": "46520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46520" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml" + }, + { + "name": "1025113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025113" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0493.json b/2011/0xxx/CVE-2011-0493.json index c424af0d6ca..2b503873b1f 100644 --- a/2011/0xxx/CVE-2011-0493.json +++ b/2011/0xxx/CVE-2011-0493.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Jan-2011/msg00000.html" - }, - { - "name" : "http://blog.torproject.org/blog/tor-02129-released-security-patches", - "refsource" : "CONFIRM", - "url" : "http://blog.torproject.org/blog/tor-02129-released-security-patches" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/2352", - "refsource" : "CONFIRM", - 
"url" : "https://trac.torproject.org/projects/tor/ticket/2352" - }, - { - "name" : "45953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45953" - }, - { - "name" : "tor-routercache-dos(64864)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Jan-2011/msg00000.html" + }, + { + "name": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog" + }, + { + "name": "https://trac.torproject.org/projects/tor/ticket/2352", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/2352" + }, + { + "name": "http://blog.torproject.org/blog/tor-02129-released-security-patches", + "refsource": "CONFIRM", + "url": "http://blog.torproject.org/blog/tor-02129-released-security-patches" + }, + { + "name": "tor-routercache-dos(64864)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64864" + }, + { + "name": "45953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45953" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0834.json b/2011/0xxx/CVE-2011-0834.json index 323a5b1c18b..12617f7dae8 100644 --- a/2011/0xxx/CVE-2011-0834.json +++ b/2011/0xxx/CVE-2011-0834.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization - Automotive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization - Automotive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0842.json b/2011/0xxx/CVE-2011-0842.json index 6df4abf7840..582492daac5 100644 --- a/2011/0xxx/CVE-2011-0842.json +++ b/2011/0xxx/CVE-2011-0842.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0842", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0842", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1737.json b/2011/1xxx/CVE-2011-1737.json index 4f3d84f54e2..ac49b2efc03 100644 --- a/2011/1xxx/CVE-2011-1737.json +++ b/2011/1xxx/CVE-2011-1737.json 
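Review bot: The new side of CVE-2011-0842 orders its keys differently from every other record in this commit. `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, whereas CVE-2010-2607 (also a record with no `affects` block) keeps `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, so parsers are unaffected, but it suggests this file went through a different serializer, and anyone hashing or diffing the files byte-wise will see spurious changes. Emitting keys in one fixed order for all records, e.g. sorted, would remove the inconsistency.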
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMI02632", - "refsource" : "HP", - "url" : "https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02822174" - }, - { - "name" : "SSRT100379", - "refsource" : "HP", - "url" : "https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02822174" - }, - { - "name" : "47787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47787" - }, - { - "name" : "1025514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Email 
application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025514" + }, + { + "name": "SSRT100379", + "refsource": "HP", + "url": "https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02822174" + }, + { + "name": "HPSBMI02632", + "refsource": "HP", + "url": "https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02822174" + }, + { + "name": "47787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47787" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3570.json b/2011/3xxx/CVE-2011-3570.json index 51fffe732d1..598faa39abe 100644 --- a/2011/3xxx/CVE-2011-3570.json +++ b/2011/3xxx/CVE-2011-3570.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3799.json b/2011/3xxx/CVE-2011-3799.json index 1edf07f671d..09237cea836 100644 --- a/2011/3xxx/CVE-2011-3799.json +++ b/2011/3xxx/CVE-2011-3799.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ReOS_v2_0_5", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ReOS_v2_0_5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ReOS_v2_0_5", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ReOS_v2_0_5" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4420.json b/2011/4xxx/CVE-2011-4420.json index bf9ba8af765..04da54fad8a 100644 --- a/2011/4xxx/CVE-2011-4420.json +++ b/2011/4xxx/CVE-2011-4420.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4420", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4420", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4856.json b/2011/4xxx/CVE-2011-4856.json index 5b6fa49a7f6..2bcfe1c5b37 100644 --- a/2011/4xxx/CVE-2011-4856.json +++ b/2011/4xxx/CVE-2011-4856.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/health/parameters and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", - "refsource" : "MISC", - "url" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" - }, - { - "name" : "plesk-contenttype-unspecified(72091)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/72091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/health/parameters and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "plesk-contenttype-unspecified(72091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72091" + }, + { + "name": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", + "refsource": "MISC", + "url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4977.json b/2011/4xxx/CVE-2011-4977.json index 1ba9ea434a0..3dda79c88a4 100644 --- a/2011/4xxx/CVE-2011-4977.json +++ b/2011/4xxx/CVE-2011-4977.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5320.json b/2011/5xxx/CVE-2011-5320.json index 364f8a8b176..12b8c10aae7 100644 --- a/2011/5xxx/CVE-2011-5320.json +++ b/2011/5xxx/CVE-2011-5320.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-5320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150312 Re: CVE request: glibc scanf implementation crashes on certain inputs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/12/14" - }, - { - "name" : "https://marc.info/?l=gimp-developer&m=129567990905823&w=2", - "refsource" : "MISC", - "url" : "https://marc.info/?l=gimp-developer&m=129567990905823&w=2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1196745", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1196745" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4" - }, - { - "name" : 
"https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0" - }, - { - "name" : "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4" + }, + { + "name": "https://marc.info/?l=gimp-developer&m=129567990905823&w=2", + "refsource": "MISC", + "url": "https://marc.info/?l=gimp-developer&m=129567990905823&w=2" + }, + { + "name": "[oss-security] 20150312 Re: CVE request: glibc scanf implementation crashes on certain inputs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/12/14" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1196745", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196745" + }, + { + "name": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/2xxx/CVE-2014-2172.json b/2014/2xxx/CVE-2014-2172.json index 7dfb56d2d4a..1bced92c123 100644 --- a/2014/2xxx/CVE-2014-2172.json +++ b/2014/2xxx/CVE-2014-2172.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2327.json b/2014/2xxx/CVE-2014-2327.json index edcb572f510..82849eb6b4f 100644 --- a/2014/2xxx/CVE-2014-2327.json +++ b/2014/2xxx/CVE-2014-2327.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531588" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" - }, - { - "name" : "DSA-2970", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2970" - }, - { - "name" : "GLSA-201509-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-03" - }, - { - "name" : "openSUSE-SU-2015:0479", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html" - }, - { - "name" : "JVN#55076671", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN55076671/index.html" - }, - { - "name" : "JVNDB-2014-002239", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html" - }, - { - "name" : "66392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66392" - }, - { - "name" : "59203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#55076671", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN55076671/index.html" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" + }, + { + "name": "JVNDB-2014-002239", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html" + }, + { + "name": "20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531588" + }, + { + "name": "59203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59203" + }, + { + "name": "openSUSE-SU-2015:0479", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html" + }, + { + "name": "66392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66392" + }, + { + "name": "DSA-2970", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2970" + }, + { + "name": "GLSA-201509-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-03" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2459.json b/2014/2xxx/CVE-2014-2459.json index c017c5a73f6..bcbbc4f9f60 100644 --- a/2014/2xxx/CVE-2014-2459.json +++ b/2014/2xxx/CVE-2014-2459.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.2 and 6.3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.2 and 6.3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Security." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2476.json b/2014/2xxx/CVE-2014-2476.json index 8089be56fb8..a7ac15d222b 100644 --- a/2014/2xxx/CVE-2014-2476.json +++ b/2014/2xxx/CVE-2014-2476.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-6459." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "1031034", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect 
availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-6459." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "1031034", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031034" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2729.json b/2014/2xxx/CVE-2014-2729.json index 54c32903a2a..dce6f6258c2 100644 --- a/2014/2xxx/CVE-2014-2729.json +++ b/2014/2xxx/CVE-2014-2729.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140416 [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531853/100/0/threaded" - }, - { - "name" : "20140416 [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531852/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html" + }, + { + "name": "20140416 [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531852/100/0/threaded" + }, + { + "name": "20140416 [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531853/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3950.json b/2014/3xxx/CVE-2014-3950.json index 3f718292d35..c174d5f08e3 100644 --- a/2014/3xxx/CVE-2014-3950.json +++ b/2014/3xxx/CVE-2014-3950.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3950", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3950", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6126.json b/2014/6xxx/CVE-2014-6126.json index 5773dfdcd1a..8d649cfc42d 100644 --- a/2014/6xxx/CVE-2014-6126.json +++ b/2014/6xxx/CVE-2014-6126.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684651", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684651" - }, - { - "name" : "PI26889", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889" - }, - { - "name" : "70756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70756" - }, - { - "name" : "ibm-wsportal-cve20146126-xss(96783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability 
in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI26889", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651" + }, + { + "name": "70756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70756" + }, + { + "name": "ibm-wsportal-cve20146126-xss(96783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96783" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6138.json b/2014/6xxx/CVE-2014-6138.json index 9c835005333..0aa0b8a1768 100644 --- a/2014/6xxx/CVE-2014-6138.json +++ b/2014/6xxx/CVE-2014-6138.json 
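Review bot: The one field whose value changes in this hunk, `"ASSIGNER": "psirt@us.ibm.com"` replacing `"ASSIGNER" : "cve@mitre.org"`, is buried in a whole-file rewrite that also changes the key spacing and reorders `reference_data`. Because every line shows as removed and re-added, a reviewer cannot confirm from the diff that nothing else in the record changed, and the commit subject ("-Synchronized-Data.") does not mention the reassignment. The formatting-only rewrite would be better landed separately from the field change, with the assigner change named in the commit message. The same pattern appears in the hunks for CVE-2014-6138, CVE-2014-6584, CVE-2014-6725, CVE-2014-7307, CVE-2014-7485, CVE-2017-0537 and CVE-2017-0617.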
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691035", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691035" - }, - { - "name" : "IT04614", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614" - }, - { - "name" : "ibm-xc10-cve20146138-sec-bypass(96852)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access 
restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691035", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691035" + }, + { + "name": "IT04614", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614" + }, + { + "name": "ibm-xc10-cve20146138-sec-bypass(96852)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96852" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6584.json b/2014/6xxx/CVE-2014-6584.json index cd0737efaa2..4a5ec706a02 100644 --- a/2014/6xxx/CVE-2014-6584.json +++ b/2014/6xxx/CVE-2014-6584.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Backup Restore." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031594", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via 
unknown vectors related to Backup Restore." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031594", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031594" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6725.json b/2014/6xxx/CVE-2014-6725.json index 1391d4354a8..caa3bf812b4 100644 --- a/2014/6xxx/CVE-2014-6725.json +++ b/2014/6xxx/CVE-2014-6725.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#165905", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/165905" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SchoolXM (aka apprentice.schoolxm) application 1.2 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#165905", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/165905" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7307.json b/2014/7xxx/CVE-2014-7307.json index 10cb2480246..bb6143b7e7d 100644 --- a/2014/7xxx/CVE-2014-7307.json +++ b/2014/7xxx/CVE-2014-7307.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#159657", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/159657" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ForoSocuellamos (aka 
com.forosocuellamos.tlcttbeukajwpeqreg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#159657", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/159657" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7485.json b/2014/7xxx/CVE-2014-7485.json index 542491a2600..fb584877a25 100644 --- a/2014/7xxx/CVE-2014-7485.json +++ b/2014/7xxx/CVE-2014-7485.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#102193", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/102193" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Not Lost Just Somewhere 
Else (aka it.tinytap.attsa.notlost) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#102193", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/102193" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0537.json b/2017/0xxx/CVE-2017-0537.json index 65aee60d450..03c83596358 100644 --- a/2017/0xxx/CVE-2017-0537.json +++ b/2017/0xxx/CVE-2017-0537.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96831" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96831" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0617.json b/2017/0xxx/CVE-2017-0617.json index c069cace169..5163b13abab 100644 --- a/2017/0xxx/CVE-2017-0617.json +++ b/2017/0xxx/CVE-2017-0617.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98190" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18321.json b/2017/18xxx/CVE-2017-18321.json index 41ee6be93c2..da71629428f 100644 --- a/2017/18xxx/CVE-2017-18321.json +++ b/2017/18xxx/CVE-2017-18321.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9650, MDM9655, SD 835, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in LTE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9650, MDM9655, SD 835, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in LTE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106128" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18362.json b/2017/18xxx/CVE-2017-18362.json index 1f9a0bb7dab..3ee3aebf715 100644 --- a/2017/18xxx/CVE-2017-18362.json +++ b/2017/18xxx/CVE-2017-18362.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://archive.today/rdkeQ", - "refsource" : "MISC", - "url" : "http://archive.today/rdkeQ" - }, - { - "name" : "https://github.com/kbni/owlky", - "refsource" : "MISC", - "url" : "https://github.com/kbni/owlky" - }, - { - "name" : "https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+", - "refsource" : "MISC", - "url" : "https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://archive.today/rdkeQ", + "refsource": "MISC", + "url": "http://archive.today/rdkeQ" + }, + { + "name": "https://github.com/kbni/owlky", + "refsource": "MISC", + "url": "https://github.com/kbni/owlky" + }, + { + "name": "https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+", + "refsource": "MISC", + "url": "https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1105.json b/2017/1xxx/CVE-2017-1105.json index 477303d32bb..9f1e9f5680a 100644 --- a/2017/1xxx/CVE-2017-1105.json +++ b/2017/1xxx/CVE-2017-1105.json 
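Review bot: The only vendor-side reference kept on the new side is a `webcache.googleusercontent.com` URL, which is a search-engine cache entry rather than a stable document. For a record whose description states active exploitation, a reader following this link may find nothing once the cache entry is gone. It would help to add a durable vendor advisory or archived copy as a further `reference_data` entry when one is available. `affects` also still carries `"product_name": "n/a"` and `"vendor_name": "n/a"` even though the description names the product, so tooling that matches on those fields would probably not match this record.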
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "9.7" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "10.1" + }, + { + "version_value": "9.7" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22003877", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22003877" - }, - { - "name" : "99264", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/99264" - }, - { - "name" : "1038773", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99264" + }, + { + "name": "1038773", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038773" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22003877", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22003877" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1210.json b/2017/1xxx/CVE-2017-1210.json index 72fa97f4894..de923865211 100644 --- a/2017/1xxx/CVE-2017-1210.json +++ b/2017/1xxx/CVE-2017-1210.json 
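Review bot: The structured version list and the description disagree in this record: `version_data` carries `"version_value": "9.7"`, while the description text lists "9.2, 10.1, 10.5, and 11.1". The commit only changes whitespace and reference order here, so the mismatch is carried over unchanged. Tooling that matches installed versions against `version_data` and people reading the description will reach different conclusions about the oldest affected branch. One of the two is presumably a typo. Check the IBM advisory in the CONFIRM reference and align them, for example by changing the description to read `9.7, 10.1, 10.5, and 11.1` if the advisory agrees.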
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-18T00:00:00", - "ID" : "CVE-2017-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Daeja ViewONE", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.5.1" - }, - { - "version_value" : "5.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-18T00:00:00", + "ID": "CVE-2017-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Daeja ViewONE", + "version": { + "version_data": [ + { + "version_value": "4.1.5.1" + }, + { + "version_value": "5.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123850", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123850" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008009", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Daeja ViewONE Professional, 
Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123850", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123850" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22008009", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22008009" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1805.json b/2017/1xxx/CVE-2017-1805.json index d992178953e..8946a9229e7 100644 --- a/2017/1xxx/CVE-2017-1805.json +++ b/2017/1xxx/CVE-2017-1805.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1805", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1805", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/5xxx/CVE-2017-5080.json b/2017/5xxx/CVE-2017-5080.json index 629400d3f97..f718610ff53 100644 --- a/2017/5xxx/CVE-2017-5080.json +++ b/2017/5xxx/CVE-2017-5080.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.86 for Linux and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.86 for Linux and Windows" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.86 for Linux and Windows", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.86 for Linux and Windows" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/708819", - "refsource" : "MISC", - "url" : "https://crbug.com/708819" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1399", - "refsource" : 
"REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1399" - }, - { - "name" : "98861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98861" - }, - { - "name" : "1038622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98861" + }, + { + "name": "RHSA-2017:1399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1399" + }, + { + "name": "1038622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038622" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/708819", + "refsource": "MISC", + "url": "https://crbug.com/708819" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5449.json b/2017/5xxx/CVE-2017-5449.json index 42d3af4aafc..2291bc401cb 100644 --- a/2017/5xxx/CVE-2017-5449.json +++ b/2017/5xxx/CVE-2017-5449.json 
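Review bot: In the `affects` block, `"vendor_name": "n/a"` is kept although the product is Google Chrome and the assigner is security@google.com, and `version_value` repeats the whole product string instead of a version. Consumers that key on vendor, product and version cannot match this record to an inventory entry without parsing free text. Suggest `"vendor_name": "Google"`, `"product_name": "Chrome"` and `"version_value": "59.0.3071.86"` with `"version_affected": "<"`, the form the CVE-2017-5449 record in this patch uses. The CVE-2017-5615 record further down has the same gap, with vendor, product and version all `n/a` while its description names cgiemail and cgiecho.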
@@ -1,125 +1,125 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Crash during bidirectional unicode manipulation with animation" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1340127", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1340127" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "RHSA-2017:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : 
"97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Crash during bidirectional unicode manipulation with animation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340127", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340127" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "RHSA-2017:1201", + 
"refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5562.json b/2017/5xxx/CVE-2017-5562.json index 823c93ca631..558d2d68a10 100644 --- a/2017/5xxx/CVE-2017-5562.json +++ b/2017/5xxx/CVE-2017-5562.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5562", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5562", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5615.json b/2017/5xxx/CVE-2017-5615.json index 079249a678e..d485e4dfe9e 100644 --- a/2017/5xxx/CVE-2017-5615.json +++ b/2017/5xxx/CVE-2017-5615.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/28/8" - }, - { - "name" : "https://news.cpanel.com/tsr-2017-0001-full-disclosure/", - "refsource" : "MISC", - "url" : "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" - }, - { - "name" : "95870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95870" + }, + { + "name": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/", + "refsource": "MISC", + "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" + }, + { + "name": "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/28/8" + } + ] + } +} \ No newline at end of file