From eecac5cc2183fbced7a67d99cbb770903788714b Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:00:24 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/2xxx/CVE-2006-2039.json | 160 ++++++-------
2006/2xxx/CVE-2006-2487.json | 200 ++++++++--------
2006/2xxx/CVE-2006-2621.json | 34 +--
2006/2xxx/CVE-2006-2753.json | 370 ++++++++++++++---------------
2006/2xxx/CVE-2006-2870.json | 160 ++++++-------
2006/3xxx/CVE-2006-3260.json | 190 +++++++--------
2006/3xxx/CVE-2006-3285.json | 180 +++++++-------
2006/3xxx/CVE-2006-3526.json | 170 ++++++-------
2006/3xxx/CVE-2006-3847.json | 180 +++++++-------
2006/3xxx/CVE-2006-3848.json | 200 ++++++++--------
2006/4xxx/CVE-2006-4607.json | 190 +++++++--------
2006/6xxx/CVE-2006-6036.json | 150 ++++++------
2006/6xxx/CVE-2006-6386.json | 160 ++++++-------
2006/7xxx/CVE-2006-7018.json | 150 ++++++------
2010/2xxx/CVE-2010-2826.json | 120 +++++-----
2011/0xxx/CVE-2011-0392.json | 150 ++++++------
2011/0xxx/CVE-2011-0438.json | 170 ++++++-------
2011/0xxx/CVE-2011-0622.json | 150 ++++++------
2011/1xxx/CVE-2011-1011.json | 260 ++++++++++----------
2011/1xxx/CVE-2011-1076.json | 150 ++++++------
2011/1xxx/CVE-2011-1493.json | 170 ++++++-------
2011/3xxx/CVE-2011-3530.json | 150 ++++++------
2011/3xxx/CVE-2011-3629.json | 34 +--
2011/3xxx/CVE-2011-3754.json | 140 +++++------
2011/4xxx/CVE-2011-4036.json | 140 +++++------
2011/4xxx/CVE-2011-4409.json | 180 +++++++-------
2011/4xxx/CVE-2011-4412.json | 34 +--
2011/4xxx/CVE-2011-4620.json | 190 +++++++--------
2011/4xxx/CVE-2011-4884.json | 34 +--
2011/4xxx/CVE-2011-4928.json | 150 ++++++------
2013/5xxx/CVE-2013-5316.json | 150 ++++++------
2013/5xxx/CVE-2013-5523.json | 180 +++++++-------
2013/5xxx/CVE-2013-5686.json | 34 +--
2014/2xxx/CVE-2014-2212.json | 140 +++++------
2014/2xxx/CVE-2014-2618.json | 150 ++++++------
2014/2xxx/CVE-2014-2968.json | 120 +++++-----
2014/6xxx/CVE-2014-6383.json | 140 +++++------
2014/6xxx/CVE-2014-6411.json | 34 +--
2014/6xxx/CVE-2014-6701.json | 140 +++++------
2014/6xxx/CVE-2014-6975.json | 140 +++++------
2014/7xxx/CVE-2014-7431.json | 140 +++++------
2014/7xxx/CVE-2014-7928.json | 230 +++++++++---------
2017/0xxx/CVE-2017-0263.json | 160 ++++++-------
2017/0xxx/CVE-2017-0654.json | 34 +--
2017/0xxx/CVE-2017-0791.json | 132 +++++-----
2017/0xxx/CVE-2017-0862.json | 122 +++++-----
2017/0xxx/CVE-2017-0933.json | 132 +++++-----
2017/0xxx/CVE-2017-0979.json | 34 +--
2017/1000xxx/CVE-2017-1000225.json | 124 +++++-----
2017/1000xxx/CVE-2017-1000433.json | 144 +++++------
2017/18xxx/CVE-2017-18158.json | 132 +++++-----
2017/18xxx/CVE-2017-18263.json | 130 +++++-----
2017/1xxx/CVE-2017-1027.json | 34 +--
2017/1xxx/CVE-2017-1211.json | 146 ++++++------
2017/1xxx/CVE-2017-1736.json | 34 +--
2017/1xxx/CVE-2017-1931.json | 34 +--
2017/5xxx/CVE-2017-5454.json | 236 +++++++++---------
2017/5xxx/CVE-2017-5509.json | 190 +++++++--------
2017/5xxx/CVE-2017-5812.json | 142 +++++------
59 files changed, 4137 insertions(+), 4137 deletions(-)
diff --git a/2006/2xxx/CVE-2006-2039.json b/2006/2xxx/CVE-2006-2039.json
index 88d680b626f..530876903ca 100644
--- a/2006/2xxx/CVE-2006-2039.json
+++ b/2006/2xxx/CVE-2006-2039.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=411859", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=411859" - }, - { - "name" : "17676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17676" - }, - { - "name" : "ADV-2006-1492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1492" - }, - { - "name" : "19776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19776" - }, - { - "name" : "helpcenterlive-osticket-sql-injection(26040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19776" + }, + { + "name": "ADV-2006-1492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1492" + }, + { + "name": "17676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17676" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=411859", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=411859" + }, + { + "name": "helpcenterlive-osticket-sql-injection(26040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26040" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2487.json b/2006/2xxx/CVE-2006-2487.json index f5fffafabc8..be7b6601ee5 100644 --- a/2006/2xxx/CVE-2006-2487.json +++ b/2006/2xxx/CVE-2006-2487.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060713 ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439969/100/0/threaded" - }, - { - "name" : "1800", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1800" - }, - { - "name" : "18027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18027" - }, - { - "name" : "ADV-2006-1847", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1847" - }, - { - "name" : "25616", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25616" - }, - { - "name" : "1016491", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016491" - }, - { - "name" : "20156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20156" - }, - { - "name" : "scoznews-mainpath-file-include(26520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26520" - }, - { - "name" : "scoznews-functions-file-include(27717)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18027" + }, + { + "name": "20156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20156" + }, + { + "name": "1800", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1800" + }, + { + "name": "scoznews-functions-file-include(27717)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27717" + }, + { + "name": "scoznews-mainpath-file-include(26520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26520" + }, + { + "name": "1016491", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016491" + }, + { + "name": "ADV-2006-1847", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1847" + }, + { + "name": "20060713 ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439969/100/0/threaded" + }, + { + "name": "25616", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25616" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2621.json b/2006/2xxx/CVE-2006-2621.json index 8dfabb6390d..6244868a045 100644 --- a/2006/2xxx/CVE-2006-2621.json +++ b/2006/2xxx/CVE-2006-2621.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2621", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2621", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2753.json b/2006/2xxx/CVE-2006-2753.json index 9cb79f2d00c..0d65e780018 100644 --- a/2006/2xxx/CVE-2006-2753.json +++ b/2006/2xxx/CVE-2006-2753.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.mysql.com/announce/364", - "refsource" : "CONFIRM", - "url" : "http://lists.mysql.com/announce/364" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "DSA-1092", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1092" - }, - { - "name" : "GLSA-200606-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml" - }, - { - "name" : "MDKSA-2006:097", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:097" - }, - { - "name" : "RHSA-2006:0544", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0544.html" - }, - { - "name" : "2006-0034", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0034/" - }, - { - "name" : "USN-303-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/303-1/" - }, - { - "name" : "USN-288-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-288-3" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "18219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18219" - }, - { - "name" : "oval:org.mitre.oval:def:10312", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10312" - }, - { - "name" : "ADV-2006-2105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2105" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "1016216", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016216" - }, - { - "name" : "20365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20365" - }, - { - "name" : "20489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20489" - }, - { - "name" : "20541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20541" - 
}, - { - "name" : "20531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20531" - }, - { - "name" : "20562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20562" - }, - { - "name" : "20625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20625" - }, - { - "name" : "20712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20712" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - }, - { - "name" : "mysql-ascii-sql-injection(26875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1092", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1092" + }, + { + "name": "http://lists.mysql.com/announce/364", + "refsource": "CONFIRM", + "url": "http://lists.mysql.com/announce/364" + }, + { + "name": "mysql-ascii-sql-injection(26875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26875" + }, + { + "name": "20712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20712" + }, + { + "name": "MDKSA-2006:097", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:097" + }, + { + "name": "20541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20541" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "20562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20562" + }, + { + "name": "2006-0034", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0034/" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "GLSA-200606-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml" + }, + { + "name": "20365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20365" + }, + { + "name": "20531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20531" + }, + { + "name": "oval:org.mitre.oval:def:10312", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10312" + }, + { + "name": "ADV-2006-2105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2105" + }, + { + "name": "18219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18219" + }, + { + "name": "20489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20489" + }, + { + "name": "1016216", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016216" + }, + { + "name": "USN-303-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/303-1/" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "USN-288-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-288-3" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735" + }, + { + "name": "20625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20625" + }, + { + "name": "RHSA-2006:0544", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0544.html" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2870.json b/2006/2xxx/CVE-2006-2870.json index f314315a451..78c067fc9ce 100644 --- a/2006/2xxx/CVE-2006-2870.json +++ b/2006/2xxx/CVE-2006-2870.json 
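Review bot: The `CVE_data_meta.ASSIGNER` value for CVE-2006-2753 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only non-formatting change among the records visible here; the other hunks only tighten `"key" : value` to `"key": value`, re-indent, and reorder `reference_data`. Since ASSIGNER appears to record which organisation owns the entry, a consumer that attributes or routes records on that field sees a provenance change that the subject line "-Synchronized-Data." does not mention. I would land it as a separate commit, or name it in the message, so it can be audited without reading a 370-line whitespace diff. The new side of this file, and of the other complete files shown, also ends with "\ No newline at end of file"; restoring the trailing newline would keep later diffs free of that marker.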
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://colander.altervista.org/advisory/ASPDisc.txt", - "refsource" : "MISC", - "url" : "http://colander.altervista.org/advisory/ASPDisc.txt" - }, - { - "name" : "18237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18237" - }, - { - "name" : "ADV-2006-2113", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2113" - }, - { - "name" : "20425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20425" - }, - { - "name" : "aspdiscussionforum-forumsearch-xss(26929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspdiscussionforum-forumsearch-xss(26929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26929" + }, + { + "name": "http://colander.altervista.org/advisory/ASPDisc.txt", + "refsource": "MISC", + "url": "http://colander.altervista.org/advisory/ASPDisc.txt" + }, + { + "name": "18237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18237" + }, + { + "name": "20425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20425" + }, + { + "name": "ADV-2006-2113", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2113" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3260.json b/2006/3xxx/CVE-2006-3260.json index 2eaee849525..699a551fa30 100644 --- a/2006/3xxx/CVE-2006-3260.json +++ b/2006/3xxx/CVE-2006-3260.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060623 vlbook 1.2 XSS Bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438146/100/0/threaded" - }, - { - "name" : "http://colander.altervista.org/advisory/vlbook.txt", - "refsource" : "MISC", - "url" : "http://colander.altervista.org/advisory/vlbook.txt" - }, - { - "name" : "18618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18618" - }, - { - "name" : "ADV-2006-2505", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2505" - }, - { - "name" : "1016379", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016379" - }, - { - "name" : "20776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20776" - }, - { - "name" : "1150", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1150" - }, - { - "name" : "vlbook-index-xss(27333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2505", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2505" + }, + { + "name": "20776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20776" + }, + { + "name": "18618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18618" + }, + { + "name": "vlbook-index-xss(27333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27333" + }, + { + "name": "20060623 vlbook 1.2 XSS Bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438146/100/0/threaded" + }, + { + "name": "http://colander.altervista.org/advisory/vlbook.txt", + "refsource": "MISC", + "url": "http://colander.altervista.org/advisory/vlbook.txt" + }, + { + "name": "1016379", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016379" + }, + { + "name": "1150", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1150" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3285.json b/2006/3xxx/CVE-2006-3285.json index 714f5e2f8ac..5b253939abb 100644 --- a/2006/3xxx/CVE-2006-3285.json +++ b/2006/3xxx/CVE-2006-3285.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060628 Multiple Vulnerabilities in Wireless Control System", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml" - }, - { - "name" : "18701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18701" - }, - { - "name" : "ADV-2006-2583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2583" - }, - { - "name" : "26884", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26884" - }, - { - "name" : "1016398", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016398" - }, - { - "name" : "20870", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/20870" - }, - { - "name" : "cisco-wcs-default-database-account(27438)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2583" + }, + { + "name": "26884", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26884" + }, + { + "name": "20870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20870" + }, + { + "name": "20060628 Multiple Vulnerabilities in Wireless Control System", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml" + }, + { + "name": "1016398", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016398" + }, + { + "name": "cisco-wcs-default-database-account(27438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27438" + }, + { + "name": "18701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18701" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3526.json b/2006/3xxx/CVE-2006-3526.json index 649ab9b0b8c..b5c1ae46c59 100644 --- a/2006/3xxx/CVE-2006-3526.json +++ b/2006/3xxx/CVE-2006-3526.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060706 Sport-slo.net Guestbook v1.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439491/100/0/threaded" - }, - { - "name" : "ADV-2006-2712", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2712" - }, - { - "name" : "27066", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27066" - }, - { - "name" : "20977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20977" - }, - { - "name" : "1211", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1211" - }, - { - "name" : "sport-slo-guestbook-xss(27629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27629" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27066", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27066" + }, + { + "name": "sport-slo-guestbook-xss(27629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27629" + }, + { + "name": "1211", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1211" + }, + { + "name": "ADV-2006-2712", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2712" + }, + { + "name": "20977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20977" + }, + { + "name": "20060706 Sport-slo.net Guestbook v1.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439491/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3847.json b/2006/3xxx/CVE-2006-3847.json index 32d14c1d3da..6af1631c4e4 100644 --- a/2006/3xxx/CVE-2006-3847.json +++ b/2006/3xxx/CVE-2006-3847.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060723 [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440939/100/200/threaded" - }, - { - "name" : "http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html", - "refsource" : "MISC", - "url" : "http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html" - }, - { - "name" : "2062", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2062" - }, - { - "name" : "19122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19122" - 
}, - { - "name" : "ADV-2006-2932", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2932" - }, - { - "name" : "21166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21166" - }, - { - "name" : "mospray-admin-file-include(27917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060723 [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440939/100/200/threaded" + }, + { + "name": "mospray-admin-file-include(27917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27917" + }, + { + "name": "21166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21166" + }, + { + "name": "http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html", + "refsource": "MISC", + "url": "http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html" + }, + { + "name": "2062", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2062" + }, + { + "name": "19122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19122" + }, + { + "name": "ADV-2006-2932", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/2932" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3848.json b/2006/3xxx/CVE-2006-3848.json index d21b90f7534..56d1c4d96d5 100644 --- a/2006/3xxx/CVE-2006-3848.json +++ b/2006/3xxx/CVE-2006-3848.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060722 Low security hole affecting IPCalc's CGI wrapper", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440860/100/100/threaded" - }, - { - "name" : "20060727 Re: Low security hole affecting IPCalc's CGI wrapper", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441304/100/0/threaded" - }, - { - "name" : "20060722 Low security hole affecting IPCalc's CGI wrapper", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0487.html" - }, - { - "name" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/att-0487/NDSA20060705.txt.asc", - "refsource" : "MISC", - "url" 
: "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/att-0487/NDSA20060705.txt.asc" - }, - { - "name" : "19130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19130" - }, - { - "name" : "ADV-2006-2944", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2944" - }, - { - "name" : "27446", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27446" - }, - { - "name" : "21151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21151" - }, - { - "name" : "ipcalculator-ipcalc-xss(27924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27446", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27446" + }, + { + "name": "20060727 Re: Low security hole affecting IPCalc's CGI wrapper", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441304/100/0/threaded" + }, + { + "name": "20060722 Low security hole affecting IPCalc's CGI wrapper", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0487.html" + }, + { + "name": "21151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21151" + }, + { + "name": "ipcalculator-ipcalc-xss(27924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27924" + }, + { + "name": "ADV-2006-2944", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2944" + }, + { + "name": "20060722 Low security hole affecting IPCalc's CGI wrapper", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440860/100/100/threaded" + }, + { + "name": "19130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19130" + }, + { + "name": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/att-0487/NDSA20060705.txt.asc", + "refsource": "MISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/att-0487/NDSA20060705.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4607.json b/2006/4xxx/CVE-2006-4607.json index b0e4f609d16..c4197e1dfc9 100644 --- a/2006/4xxx/CVE-2006-4607.json +++ b/2006/4xxx/CVE-2006-4607.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060902 PHP-Revista Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445007/100/0/threaded" - }, - { - "name" : "20090413 Re: PHP-Revista Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502637/100/0/threaded" - }, - { - "name" : "8425", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8425" - }, - { - "name" : "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2009-April/002167.html" - }, - { - "name" : "19818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19818" - }, - { - "name" : "28449", 
- "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28449" - }, - { - "name" : "21738", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21738" - }, - { - "name" : "1499", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28449", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28449" + }, + { + "name": "19818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19818" + }, + { + "name": "8425", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8425" + }, + { + "name": "20090413 Re: PHP-Revista Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502637/100/0/threaded" + }, + { + "name": "1499", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1499" + }, + { + "name": "20060902 PHP-Revista Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445007/100/0/threaded" + }, + { + "name": "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2009-April/002167.html" + }, + { + "name": "21738", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21738" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6036.json b/2006/6xxx/CVE-2006-6036.json index 684f4065b35..c05fc888ded 100644 
--- a/2006/6xxx/CVE-2006-6036.json +++ b/2006/6xxx/CVE-2006-6036.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/openhuman/?branch_id=67092&release_id=240896", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/openhuman/?branch_id=67092&release_id=240896" - }, - { - "name" : "ADV-2006-4574", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4574" - }, - { - "name" : "30337", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30337" - }, - { - "name" : "openhuman-unspecified-sql-injection(30358)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in OpenHuman before 1.0 
allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4574", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4574" + }, + { + "name": "30337", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30337" + }, + { + "name": "openhuman-unspecified-sql-injection(30358)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30358" + }, + { + "name": "http://freshmeat.net/projects/openhuman/?branch_id=67092&release_id=240896", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/openhuman/?branch_id=67092&release_id=240896" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6386.json b/2006/6xxx/CVE-2006-6386.json index de644614bf7..5338a158f37 100644 --- a/2006/6xxx/CVE-2006-6386.json +++ b/2006/6xxx/CVE-2006-6386.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/101540", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/101540" - }, - { - "name" : "21455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21455" - }, - { - "name" : "ADV-2006-4870", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4870" - }, - { - "name" : "23261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23261" - }, - { - "name" : "drupalcvs-motivation-xss(30748)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30748" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/101540", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/101540" + }, + { + "name": "23261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23261" + }, + { + "name": "drupalcvs-motivation-xss(30748)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30748" + }, + { + "name": "21455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21455" + }, + { + "name": "ADV-2006-4870", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4870" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7018.json b/2006/7xxx/CVE-2006-7018.json index 7cd45eb0e8b..33873422ac9 100644 --- a/2006/7xxx/CVE-2006-7018.json +++ b/2006/7xxx/CVE-2006-7018.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpwcms.de/forum/viewtopic.php?t=10958", - "refsource" : "CONFIRM", - "url" : "http://www.phpwcms.de/forum/viewtopic.php?t=10958" - }, - { - "name" : "ADV-2006-1556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1556" - }, - { - "name" : "19866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19866" - }, - { - "name" : "phpwcms-mailfileform-file-include(26126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19866" + }, + { + "name": "http://www.phpwcms.de/forum/viewtopic.php?t=10958", + "refsource": "CONFIRM", + "url": "http://www.phpwcms.de/forum/viewtopic.php?t=10958" + }, + { + "name": "ADV-2006-1556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1556" + }, + { + "name": "phpwcms-mailfileform-file-include(26126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26126" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2826.json b/2010/2xxx/CVE-2010-2826.json index bee4e398658..f33e8fb7f48 100644 --- a/2010/2xxx/CVE-2010-2826.json +++ b/2010/2xxx/CVE-2010-2826.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100811 SQL Injection Vulnerability in Cisco Wireless Control System", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100811 SQL Injection Vulnerability in Cisco Wireless Control System", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0392.json b/2011/0xxx/CVE-2011-0392.json index 3da99e401c3..647fc62b68b 100644 --- a/2011/0xxx/CVE-2011-0392.json +++ b/2011/0xxx/CVE-2011-0392.json 
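Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk (CVE-2010-2826), but the `affects` block is carried over with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is still `"n/a"`, although the description names Cisco Wireless Control System 6.0.x before 6.0.196.0 and an SQL injection. Anyone matching these records against an asset inventory by the structured fields will miss this entry and has to fall back to parsing the description text. If the sync job is allowed to touch these fields (not visible from this hunk), I would fill them from the description, e.g. `"vendor_name": "Cisco"` and `"product_name": "Wireless Control System"`. The CVE-2011-0392 hunk that follows has the same assigner change with the same `n/a` placeholders, and in both hunks this one substantive change sits inside a whitespace-only reformat and a reshuffle of `reference_data` that the commit subject does not mention.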
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml" - }, - { - "name" : "46522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46522" - }, - { - "name" : "1025114", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025114" - }, - { - "name" : "telepresence-xmlrpc-security-bypass(65609)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "telepresence-xmlrpc-security-bypass(65609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65609" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml" + }, + { + "name": "1025114", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025114" + }, + { + "name": "46522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46522" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0438.json b/2011/0xxx/CVE-2011-0438.json index 8491aa56df0..437c3617f0c 100644 --- a/2011/0xxx/CVE-2011-0438.json +++ b/2011/0xxx/CVE-2011-0438.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nss-pam-ldapd-announce] 20110309 nss-pam-ldapd security advisory (CVE-2011-0438)", - "refsource" : "MLIST", - "url" : "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/msg00000.html" - }, - { - "name" : "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txt", - "refsource" : "MISC", - "url" : "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txt" - }, - { - "name" : "http://arthurdejong.org/nss-pam-ldapd/news.html#20110309", - "refsource" : "CONFIRM", - "url" : "http://arthurdejong.org/nss-pam-ldapd/news.html#20110309" - }, - { - "name" : "46819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46819" - }, - { - "name" : "8132", - "refsource" : "SREASON", - 
"url" : "http://securityreason.com/securityalert/8132" - }, - { - "name" : "nsspamldapd-pam-sec-bypass(66028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8132", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8132" + }, + { + "name": "46819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46819" + }, + { + "name": "nsspamldapd-pam-sec-bypass(66028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66028" + }, + { + "name": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txt", + "refsource": "MISC", + "url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txt" + }, + { + "name": "[nss-pam-ldapd-announce] 20110309 nss-pam-ldapd security advisory (CVE-2011-0438)", + "refsource": "MLIST", + "url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/msg00000.html" + }, + { + "name": "http://arthurdejong.org/nss-pam-ldapd/news.html#20110309", + "refsource": "CONFIRM", + "url": "http://arthurdejong.org/nss-pam-ldapd/news.html#20110309" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0622.json b/2011/0xxx/CVE-2011-0622.json index d6306731a4b..edb9f571e27 100644 --- a/2011/0xxx/CVE-2011-0622.json +++ b/2011/0xxx/CVE-2011-0622.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html" - }, - { - "name" : "SUSE-SA:2011:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:14113", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14113" - }, - { - "name" : "oval:org.mitre.oval:def:16241", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16241", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16241" + }, + { + "name": "oval:org.mitre.oval:def:14113", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14113" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" + }, + { + "name": "SUSE-SA:2011:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1011.json b/2011/1xxx/CVE-2011-1011.json index 613577d779d..c228b05229f 100644 --- a/2011/1xxx/CVE-2011-1011.json +++ b/2011/1xxx/CVE-2011-1011.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html" - }, - { - "name" : "[oss-security] 20110222 CVE Request", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/23/1" - }, - { - "name" : "[oss-security] 20110223 Re: CVE Request", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/23/2" - }, - { - "name" : "http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob;f=policycoreutils-rhat.patch;h=d4db5bc06027de23d12a4b3f18fa6f9b1517df27;hb=HEAD#l2197", - "refsource" : "CONFIRM", - "url" : "http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob;f=policycoreutils-rhat.patch;h=d4db5bc06027de23d12a4b3f18fa6f9b1517df27;hb=HEAD#l2197" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=633544", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=633544" - }, - { - "name" : "FEDORA-2011-3043", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html" - }, - { - "name" : "RHSA-2011:0414", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0414.html" - }, - { - "name" : "46510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46510" - }, - { - "name" : "1025291", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025291" - }, - { - "name" : "43415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43415" - }, - { - "name" : "44034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44034" - }, - { - "name" : "43844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43844" - }, - { - "name" : "ADV-2011-0864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0864" - }, - { - "name" : "ADV-2011-0701", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0701" - }, - { - "name" : "policycoreutils-seunshare-symlink(65641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=633544", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=633544" + }, + { + "name": "44034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44034" + }, + { + "name": "20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html" + }, + { + "name": "1025291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025291" + }, + { + "name": "http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob;f=policycoreutils-rhat.patch;h=d4db5bc06027de23d12a4b3f18fa6f9b1517df27;hb=HEAD#l2197", + "refsource": "CONFIRM", + "url": "http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob;f=policycoreutils-rhat.patch;h=d4db5bc06027de23d12a4b3f18fa6f9b1517df27;hb=HEAD#l2197" + }, + { + "name": "policycoreutils-seunshare-symlink(65641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65641" + }, + { + "name": "43844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43844" + }, + { + "name": "ADV-2011-0701", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0701" + }, + { + "name": "FEDORA-2011-3043", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html" + }, + { + "name": "RHSA-2011:0414", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0414.html" + }, + { + "name": "ADV-2011-0864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0864" + }, + { + "name": "46510", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/46510" + }, + { + "name": "[oss-security] 20110222 CVE Request", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/23/1" + }, + { + "name": "43415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43415" + }, + { + "name": "[oss-security] 20110223 Re: CVE Request", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/23/2" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1076.json b/2011/1xxx/CVE-2011-1076.json index 5d6107f081f..0727b4b682f 100644 --- a/2011/1xxx/CVE-2011-1076.json +++ b/2011/1xxx/CVE-2011-1076.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110304 CVE-2011-1076 kernel: DNS: Fix a NULL pointer deref when trying to read an error key", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1362fa078dae16776cd439791c6605b224ea6171", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1362fa078dae16776cd439791c6605b224ea6171" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", - 
"refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" - }, - { - "name" : "1025162", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1362fa078dae16776cd439791c6605b224ea6171", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1362fa078dae16776cd439791c6605b224ea6171" + }, + { + "name": "[oss-security] 20110304 CVE-2011-1076 kernel: DNS: Fix a NULL pointer deref when trying to read an error key", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/13" + }, + { + "name": "1025162", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025162" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1493.json b/2011/1xxx/CVE-2011-1493.json index 864d290f0af..e32cb1ca752 100644 --- a/2011/1xxx/CVE-2011-1493.json +++ b/2011/1xxx/CVE-2011-1493.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110405 Re: CVE request: kernel: multiple issues in ROSE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/04/05/19" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=be20250c13f88375345ad99950190685eda51eb8", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=be20250c13f88375345ad99950190685eda51eb8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=770777", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=770777" - }, - { - "name" : "https://github.com/torvalds/linux/commit/be20250c13f88375345ad99950190685eda51eb8", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/be20250c13f88375345ad99950190685eda51eb8" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/be20250c13f88375345ad99950190685eda51eb8", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/be20250c13f88375345ad99950190685eda51eb8" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=be20250c13f88375345ad99950190685eda51eb8", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=be20250c13f88375345ad99950190685eda51eb8" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=770777", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770777" + }, + { + "name": "[oss-security] 20110405 Re: CVE request: kernel: multiple issues in ROSE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/04/05/19" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3530.json b/2011/3xxx/CVE-2011-3530.json index 13a7ed524fe..43345dbbda9 100644 --- a/2011/3xxx/CVE-2011-3530.json +++ b/2011/3xxx/CVE-2011-3530.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality via unknown vectors related to eDevelopment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50238" - }, - { - "name" : "46505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46505" - }, - { - "name" : "ops-psehrms-edev-unspecified(70804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality via unknown vectors related to eDevelopment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "ops-psehrms-edev-unspecified(70804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70804" + }, + { + "name": "46505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46505" + }, + { + "name": "50238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50238" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3629.json b/2011/3xxx/CVE-2011-3629.json index 1f6a9cfbc3d..5cd91b21088 100644 --- a/2011/3xxx/CVE-2011-3629.json +++ b/2011/3xxx/CVE-2011-3629.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3629", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3629", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3754.json b/2011/3xxx/CVE-2011-3754.json index f5cf696297d..a1f442bf432 100644 --- a/2011/3xxx/CVE-2011-3754.json +++ b/2011/3xxx/CVE-2011-3754.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4036.json b/2011/4xxx/CVE-2011-4036.json index c7c9ba55bf2..97bea6d6034 100644 --- a/2011/4xxx/CVE-2011-4036.json +++ b/2011/4xxx/CVE-2011-4036.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf" - }, - { - "name" : "http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695", - "refsource" : "CONFIRM", - "url" : "http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695" - }, - { - "name" : "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page", - "refsource" : "CONFIRM", - "url" : "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page", + "refsource": "CONFIRM", + "url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf" + }, + { + "name": "http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695", + "refsource": "CONFIRM", + "url": "http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4409.json b/2011/4xxx/CVE-2011-4409.json index f6326ba35be..e08a2496338 100644 --- a/2011/4xxx/CVE-2011-4409.json +++ b/2011/4xxx/CVE-2011-4409.json 
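Review bot: The one substantive change in this hunk, `"ASSIGNER": "cert@cert.org"` replacing `cve@mitre.org`, is buried in a whole-file rewrite that also respaces every key and reorders the three `reference_data` entries, while the commit subject says only that data was synchronized. The hunks for CVE-2011-4409, CVE-2011-4620, CVE-2011-4928, CVE-2013-5523, CVE-2014-2618 and CVE-2014-2968 show the same pattern with other assigner addresses. ASSIGNER is the record's provenance field, so any consumer that attributes or filters records by CNA will see ownership change here. Landing the respacing separately and emitting `reference_data` in a stable order (for example sorted by `url`) would leave the ASSIGNER line as the only visible difference. The new side also ends without a trailing newline, which the old file had.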
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-4409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-1465-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1465-1" - }, - { - "name" : "USN-1465-2", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1465-2" - }, - { - "name" : "USN-1465-3", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1465-3" - }, - { - "name" : "53828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53828" - }, - { - "name" : "82748", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82748" - }, - { - "name" : "49442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49442" - }, - { - "name" : "ubuntuoneclient-ssl-info-disc(76113)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49442" + }, + { + "name": "USN-1465-3", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1465-3" + }, + { + "name": "USN-1465-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1465-1" + }, + { + "name": "82748", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82748" + }, + { + "name": "USN-1465-2", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1465-2" + }, + { + "name": "ubuntuoneclient-ssl-info-disc(76113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76113" + }, + { + "name": "53828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53828" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4412.json b/2011/4xxx/CVE-2011-4412.json index 4e0ac69e2a3..bd108bc6e66 100644 --- a/2011/4xxx/CVE-2011-4412.json +++ b/2011/4xxx/CVE-2011-4412.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4412", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4412", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4620.json b/2011/4xxx/CVE-2011-4620.json index e121670de3a..ccfed8ebe37 100644 --- a/2011/4xxx/CVE-2011-4620.json +++ b/2011/4xxx/CVE-2011-4620.json 
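Review bot: The new side of this record is serialized in a different key order from the other files in this part of the commit. `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `"ID"` precedes `"ASSIGNER"` inside it, whereas the other state-only records visible here (CVE-2011-4884, CVE-2013-5686) keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but a writer that is not canonical makes byte-level comparison and content hashing of otherwise unchanged records unreliable between syncs. Emitting the keys sorted, as in `"ASSIGNER": "cve@mitre.org",` then `"ID": "CVE-2011-4412",` then `"STATE": "REJECT"`, would keep this file consistent with the rest.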
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18258", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18258/" - }, - { - "name" : "[oss-security] 20111221 plib ulSetError() buffer overflow - CVE-2011-4620", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/12/21/2" - }, - { - "name" : "GLSA-201606-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-16" - }, - { - "name" : "openSUSE-SU-2012:1506", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html" - }, - { - "name" : 
"openSUSE-SU-2013:0146", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html" - }, - { - "name" : "77973", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77973" - }, - { - "name" : "47297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47297" - }, - { - "name" : "51340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51340" + }, + { + "name": "47297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47297" + }, + { + "name": "18258", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18258/" + }, + { + "name": "GLSA-201606-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-16" + }, + { + "name": "77973", + "refsource": "OSVDB", + "url": "http://osvdb.org/77973" + }, + { + "name": "openSUSE-SU-2012:1506", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html" + }, + { + "name": "[oss-security] 20111221 plib ulSetError() buffer overflow - CVE-2011-4620", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/12/21/2" + }, + { + "name": 
"openSUSE-SU-2013:0146", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4884.json b/2011/4xxx/CVE-2011-4884.json index d8d6fa47323..e0a145226be 100644 --- a/2011/4xxx/CVE-2011-4884.json +++ b/2011/4xxx/CVE-2011-4884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4884", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4884", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4928.json b/2011/4xxx/CVE-2011-4928.json index fa1f41e67c3..08d43c1018d 100644 --- a/2011/4xxx/CVE-2011-4928.json +++ b/2011/4xxx/CVE-2011-4928.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120106 CVE request: redmine issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/06/5" - }, - { - "name" : "[oss-security] 20120106 Re: CVE request: redmine issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/06/7" - }, - { - "name" : "http://www.redmine.org/news/49", - "refsource" : "CONFIRM", - "url" : "http://www.redmine.org/news/49" - }, - { - "name" : "DSA-2261", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120106 CVE request: redmine issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" + }, + { + "name": "DSA-2261", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2261" + }, + { + "name": "[oss-security] 20120106 Re: CVE request: redmine issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" + }, + { + "name": "http://www.redmine.org/news/49", + "refsource": "CONFIRM", + "url": "http://www.redmine.org/news/49" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5316.json b/2013/5xxx/CVE-2013-5316.json index 849108674fd..1b724770c0c 100644 --- a/2013/5xxx/CVE-2013-5316.json +++ b/2013/5xxx/CVE-2013-5316.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27315", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/27315" - }, - { - "name" : "http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - }, - { - "name" : "61587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61587" - }, - { - "name" : "ritecms-index-csrf(86193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61587" + }, + { + "name": "http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + }, + { + "name": "ritecms-index-csrf(86193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86193" + }, + { + "name": "27315", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/27315" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5523.json b/2013/5xxx/CVE-2013-5523.json index 4de9458c140..6caebcc9bca 100644 --- a/2013/5xxx/CVE-2013-5523.json +++ b/2013/5xxx/CVE-2013-5523.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCui82666." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161" - }, - { - "name" : "20131007 Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523" - }, - { - "name" : "62869", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62869" - }, - { - "name" : "98168", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98168" - 
}, - { - "name" : "1029157", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029157" - }, - { - "name" : "55207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55207" - }, - { - "name" : "cisco-ise-cve20135523-xfs(87724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCui82666." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029157", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029157" + }, + { + "name": "98168", + "refsource": "OSVDB", + "url": "http://osvdb.org/98168" + }, + { + "name": "20131007 Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523" + }, + { + "name": "cisco-ise-cve20135523-xfs(87724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87724" + }, + { + "name": "62869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62869" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161" + }, + { + "name": "55207", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/55207" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5686.json b/2013/5xxx/CVE-2013-5686.json index 4131da7f6a8..417d4c26cfd 100644 --- a/2013/5xxx/CVE-2013-5686.json +++ b/2013/5xxx/CVE-2013-5686.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2212.json b/2014/2xxx/CVE-2014-2212.json index acd861a4b84..0e6061e2491 100644 --- a/2014/2xxx/CVE-2014-2212.json +++ b/2014/2xxx/CVE-2014-2212.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/444" - }, - { - "name" : "http://www.sysdream.com/CVE-2014-2211_2214", - "refsource" : "MISC", - "url" : "http://www.sysdream.com/CVE-2014-2211_2214" - }, - { - "name" : "http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf", - "refsource" : "MISC", - "url" : "http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sysdream.com/CVE-2014-2211_2214", + "refsource": "MISC", + "url": "http://www.sysdream.com/CVE-2014-2211_2214" + }, + { + "name": "http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf", + "refsource": "MISC", + "url": "http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf" + }, + { + "name": "[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/444" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2618.json b/2014/2xxx/CVE-2014-2618.json index 37313e88821..55fed207f14 100644 --- a/2014/2xxx/CVE-2014-2618.json +++ b/2014/2xxx/CVE-2014-2618.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2080." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF02913", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" - }, - { - "name" : "SSRT101406", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" - }, - { - "name" : "68540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68540" - }, - { - "name" : "1030568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2080." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBHF02913", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" + }, + { + "name": "SSRT101406", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" + }, + { + "name": "68540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68540" + }, + { + "name": "1030568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030568" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2968.json b/2014/2xxx/CVE-2014-2968.json index 698a1b63a68..ee8c7ff6f99 100644 --- a/2014/2xxx/CVE-2014-2968.json +++ b/2014/2xxx/CVE-2014-2968.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#688812", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/688812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#688812", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/688812" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6383.json b/2014/6xxx/CVE-2014-6383.json index 121da1d5b46..493832b81e2 100644 --- a/2014/6xxx/CVE-2014-6383.json +++ b/2014/6xxx/CVE-2014-6383.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10666", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10666" - }, - { - "name" : "72071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72071" - }, - { - "name" : "1031549", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to 
bypass firewall rule." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10666", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10666" + }, + { + "name": "1031549", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031549" + }, + { + "name": "72071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72071" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6411.json b/2014/6xxx/CVE-2014-6411.json index 3fd580efd74..77ae1a1b305 100644 --- a/2014/6xxx/CVE-2014-6411.json +++ b/2014/6xxx/CVE-2014-6411.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6411", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6411", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6701.json b/2014/6xxx/CVE-2014-6701.json index 6f2074cefb2..2ec29d36fb3 100644 
--- a/2014/6xxx/CVE-2014-6701.json +++ b/2014/6xxx/CVE-2014-6701.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#234369", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/234369" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Vendormate Mobile (aka 
com.vendormate.mobile) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#234369", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/234369" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6975.json b/2014/6xxx/CVE-2014-6975.json index 7af5273a3c9..c6ac090ec5f 100644 --- a/2014/6xxx/CVE-2014-6975.json +++ b/2014/6xxx/CVE-2014-6975.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Twin Lin (aka com.twinlin.twmo) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#913201", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/913201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Twin Lin (aka com.twinlin.twmo) application 5 for Android 
does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#913201", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/913201" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7431.json b/2014/7xxx/CVE-2014-7431.json index 353bcc3417e..6a98c19af74 100644 --- a/2014/7xxx/CVE-2014-7431.json +++ b/2014/7xxx/CVE-2014-7431.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#308729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/308729" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Breeze Jersey (aka com.sc.breezeje.banking) 
application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#308729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/308729" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7928.json b/2014/7xxx/CVE-2014-7928.json index 9872659ef45..e41839a064a 100644 --- a/2014/7xxx/CVE-2014-7928.json +++ b/2014/7xxx/CVE-2014-7928.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=435073", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=435073" - }, - { - "name" : "https://codereview.chromium.org/737383002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/737383002" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" 
- }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "https://codereview.chromium.org/737383002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/737383002" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=435073", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=435073" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0263.json b/2017/0xxx/CVE-2017-0263.json index 4df878a7969..ab14b6b0bf5 100644 --- a/2017/0xxx/CVE-2017-0263.json +++ b/2017/0xxx/CVE-2017-0263.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44478", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44478/" - }, - { - "name" : 
"https://xiaodaozhi.com/exploit/117.html", - "refsource" : "MISC", - "url" : "https://xiaodaozhi.com/exploit/117.html" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263" - }, - { - "name" : "98258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98258" - }, - { - "name" : "1038449", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263" + }, + { + "name": "1038449", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038449" + }, + { + "name": "98258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98258" + }, + { + "name": "https://xiaodaozhi.com/exploit/117.html", + "refsource": "MISC", + "url": "https://xiaodaozhi.com/exploit/117.html" + }, + { + "name": "44478", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44478/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/0xxx/CVE-2017-0654.json b/2017/0xxx/CVE-2017-0654.json index b69e69bbf50..71817c21854 100644 --- a/2017/0xxx/CVE-2017-0654.json +++ b/2017/0xxx/CVE-2017-0654.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0654", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0654", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0791.json b/2017/0xxx/CVE-2017-0791.json index 9c43ab00ab8..1b72069d87b 100644 --- a/2017/0xxx/CVE-2017-0791.json +++ b/2017/0xxx/CVE-2017-0791.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100655" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0862.json b/2017/0xxx/CVE-2017-0862.json index 322c5c756c0..30b860760bf 100644 --- a/2017/0xxx/CVE-2017-0862.json +++ b/2017/0xxx/CVE-2017-0862.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0933.json b/2017/0xxx/CVE-2017-0933.json index e7258b39c1e..a59fd0b692a 100644 --- a/2017/0xxx/CVE-2017-0933.json +++ b/2017/0xxx/CVE-2017-0933.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2017-05-01T00:00:00", - "ID" : "CVE-2017-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EdgeRouter X", - "version" : { - "version_data" : [ - { - "version_value" : "EdgeOS v1.9.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Ubiquiti Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CWE-352)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2017-05-01T00:00:00", + "ID": "CVE-2017-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EdgeRouter X", + "version": { + "version_data": [ + { + "version_value": "EdgeOS v1.9.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Ubiquiti Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/240098", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/240098" - }, - { - "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", - "refsource" : "CONFIRM", - "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CWE-352)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", + "refsource": "CONFIRM", + "url": "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524" + }, + { + "name": "https://hackerone.com/reports/240098", + "refsource": "MISC", + "url": "https://hackerone.com/reports/240098" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0979.json b/2017/0xxx/CVE-2017-0979.json index 5bfecf4d3b0..d5a14a191e4 100644 --- a/2017/0xxx/CVE-2017-0979.json +++ b/2017/0xxx/CVE-2017-0979.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-0979",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-0979",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1000xxx/CVE-2017-1000225.json b/2017/1000xxx/CVE-2017-1000225.json
index 816397dd17e..d59c6cdc187 100644
--- a/2017/1000xxx/CVE-2017-1000225.json
+++ b/2017/1000xxx/CVE-2017-1000225.json
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.454723", - "ID" : "CVE-2017-1000225", - "REQUESTER" : "tom@dxw.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Relevanssi Premium", - "version" : { - "version_data" : [ - { - "version_value" : "1.14.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mikko Saari" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.454723", + "ID": "CVE-2017-1000225", + "REQUESTER": "tom@dxw.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.dxw.com/advisories/reflected-xss-in-relevanssi-premium-when-using-relevanssi_didyoumean-could-allow-unauthenticated-attacker-to-do-almost-anything-an-admin-can/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/reflected-xss-in-relevanssi-premium-when-using-relevanssi_didyoumean-could-allow-unauthenticated-attacker-to-do-almost-anything-an-admin-can/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.dxw.com/advisories/reflected-xss-in-relevanssi-premium-when-using-relevanssi_didyoumean-could-allow-unauthenticated-attacker-to-do-almost-anything-an-admin-can/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/reflected-xss-in-relevanssi-premium-when-using-relevanssi_didyoumean-could-allow-unauthenticated-attacker-to-do-almost-anything-an-admin-can/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000433.json b/2017/1000xxx/CVE-2017-1000433.json index 1368f42ac8d..d06b2ec06cc 100644 --- a/2017/1000xxx/CVE-2017-1000433.json +++ b/2017/1000xxx/CVE-2017-1000433.json 
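Review bot: The new side of the CVE-2017-1000225 hunk overwrites the populated `affects` block (`product_name` "Relevanssi Premium", `version_value` "1.14.8", `vendor_name` "Mikko Saari") and the `problemtype` value "Cross Site Scripting (XSS)" with `"n/a"`, so the affected product and version survive only in the free-text description. Tooling that matches on the structured fields would presumably stop associating this record with the product after the sync. The same overwrite, together with the `ASSIGNER` change to `cve@mitre.org`, appears in the CVE-2017-1000433 hunk that follows (pysaml2, "Incorrect Access Control"). If the overwrite is not intended, the sync should keep the existing values, e.g. `"product_name": "Relevanssi Premium"` and `"value": "Cross Site Scripting (XSS)"`. The added side also ends with `\ No newline at end of file`, here and in the other hunks; a trailing newline would keep later diffs of these records clean.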
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000433", - "REQUESTER" : "predrag.gruevski@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pysaml2", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.0 and older" - } - ] - } - } - ] - }, - "vendor_name" : "pysaml2" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000433", + "REQUESTER": "predrag.gruevski@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180701 [SECURITY] [DLA 1410-1] python-pysaml2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00000.html" - }, - { - "name" : "https://github.com/rohe/pysaml2/issues/451", - "refsource" : "CONFIRM", - "url" : "https://github.com/rohe/pysaml2/issues/451" - }, - { - "name" : "GLSA-201801-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180701 [SECURITY] [DLA 1410-1] python-pysaml2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00000.html" + }, + { + "name": "https://github.com/rohe/pysaml2/issues/451", + "refsource": "CONFIRM", + "url": "https://github.com/rohe/pysaml2/issues/451" + }, + { + "name": "GLSA-201801-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-11" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18158.json b/2017/18xxx/CVE-2017-18158.json index 49c0c29bade..bc32fdf161a 100644 --- a/2017/18xxx/CVE-2017-18158.json +++ b/2017/18xxx/CVE-2017-18158.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-05T00:00:00", - "ID" : "CVE-2017-18158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-05T00:00:00", + "ID": "CVE-2017-18158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=316136f292cedaecf17823d6f3b63cf2d11314b3", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=316136f292cedaecf17823d6f3b63cf2d11314b3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=316136f292cedaecf17823d6f3b63cf2d11314b3", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=316136f292cedaecf17823d6f3b63cf2d11314b3" + }, + { + "name": "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18263.json b/2017/18xxx/CVE-2017-18263.json index 30e1fd8e157..02c5083a34c 100644 --- a/2017/18xxx/CVE-2017-18263.json +++ b/2017/18xxx/CVE-2017-18263.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/147274/Seagate-Media-Server-Path-Traversal.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/147274/Seagate-Media-Server-Path-Traversal.html" - }, - { - "name" : "https://sumofpwn.nl/advisory/2017/seagate-media-server-path-traversal-vulnerability.html", - "refsource" : "MISC", - "url" : "https://sumofpwn.nl/advisory/2017/seagate-media-server-path-traversal-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sumofpwn.nl/advisory/2017/seagate-media-server-path-traversal-vulnerability.html", + "refsource": "MISC", + "url": "https://sumofpwn.nl/advisory/2017/seagate-media-server-path-traversal-vulnerability.html" + }, + { + "name": "https://packetstormsecurity.com/files/147274/Seagate-Media-Server-Path-Traversal.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/147274/Seagate-Media-Server-Path-Traversal.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1027.json b/2017/1xxx/CVE-2017-1027.json index 2c6af45f1c2..eca0461dfb8 100644 --- a/2017/1xxx/CVE-2017-1027.json +++ b/2017/1xxx/CVE-2017-1027.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1027", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1027", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/1xxx/CVE-2017-1211.json b/2017/1xxx/CVE-2017-1211.json
index 42847490354..77cea8ffab6 100644
--- a/2017/1xxx/CVE-2017-1211.json
+++ b/2017/1xxx/CVE-2017-1211.json
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Daeja ViewONE", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.5.1" - }, - { - "version_value" : "5.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Daeja ViewONE", + "version": { + "version_data": [ + { + "version_value": "4.1.5.1" + }, + { + "version_value": "5.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123851", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123851" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008011", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008011" - }, - { - "name" : "101526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Daeja ViewONE 
Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22008011", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22008011" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123851", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123851" + }, + { + "name": "101526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101526" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1736.json b/2017/1xxx/CVE-2017-1736.json index 08c90fbb854..053c9ad3ec5 100644 --- a/2017/1xxx/CVE-2017-1736.json +++ b/2017/1xxx/CVE-2017-1736.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1736",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1736",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1931.json b/2017/1xxx/CVE-2017-1931.json
index fbad7cab418..8bef1b86238 100644
--- a/2017/1xxx/CVE-2017-1931.json
+++ b/2017/1xxx/CVE-2017-1931.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1931",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-1931",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5454.json b/2017/5xxx/CVE-2017-5454.json
index 53edd759752..82e68ad3d24 100644
--- a/2017/5xxx/CVE-2017-5454.json
+++ b/2017/5xxx/CVE-2017-5454.json
@@ -1,120 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sandbox escape allowing file system read access through file picker" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1349276", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1349276" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sandbox escape allowing file system read access through file picker" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349276", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349276" + }, + { + "name": "RHSA-2017:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of 
file diff --git a/2017/5xxx/CVE-2017-5509.json b/2017/5xxx/CVE-2017-5509.json index f800afa9fcd..1e93ca6beaa 100644 --- a/2017/5xxx/CVE-2017-5509.json +++ b/2017/5xxx/CVE-2017-5509.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-5509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/16/6" - }, - { - "name" : "[oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/17/5" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851377", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851377" - }, - { - "name" : 
"https://github.com/ImageMagick/ImageMagick/commit/37a1710e2dab6ed91128ea648d654a22fbe2a6af", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/37a1710e2dab6ed91128ea648d654a22fbe2a6af" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/d4ec73f866a7c42a2e7f301fcd696e5cb7a7d3ab", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/d4ec73f866a7c42a2e7f301fcd696e5cb7a7d3ab" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/350", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/350" - }, - { - "name" : "GLSA-201702-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-09" - }, - { - "name" : "95751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/16/6" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851377", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851377" + }, + { + "name": "GLSA-201702-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-09" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/37a1710e2dab6ed91128ea648d654a22fbe2a6af", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/37a1710e2dab6ed91128ea648d654a22fbe2a6af" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/d4ec73f866a7c42a2e7f301fcd696e5cb7a7d3ab", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/d4ec73f866a7c42a2e7f301fcd696e5cb7a7d3ab" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/350", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/350" + }, + { + "name": "95751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95751" + }, + { + "name": "[oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/17/5" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5812.json b/2017/5xxx/CVE-2017-5812.json index 64a50980a1a..bed1e810806 100644 --- a/2017/5xxx/CVE-2017-5812.json +++ b/2017/5xxx/CVE-2017-5812.json 
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security-alert@hpe.com",
- "DATE_PUBLIC" : "2017-05-04T00:00:00",
- "ID" : "CVE-2017-5812",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Network Automation",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.1x, 9.2x, 10.0x, 10.1x and 10.2x"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hewlett Packard Enterprise"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "remote information disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security-alert@hpe.com",
+ "DATE_PUBLIC": "2017-05-04T00:00:00",
+ "ID": "CVE-2017-5812",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Network Automation",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.1x, 9.2x, 10.0x, 10.1x and 10.2x"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hewlett Packard Enterprise"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us"
- },
- {
- "name" : "98331",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98331"
- },
- {
- "name" : "1038407",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038407"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us"
+ },
+ {
+ "name": "98331",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98331"
+ },
+ {
+ "name": "1038407",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038407"
+ }
+ ]
+ }
+}
\ No newline at end of file