From efb7012ad793cb2d02290217b2728da56768e84b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:57:11 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0127.json | 170 +++++++------- 2006/0xxx/CVE-2006-0690.json | 170 +++++++------- 2006/3xxx/CVE-2006-3106.json | 130 +++++------ 2006/3xxx/CVE-2006-3610.json | 120 +++++----- 2006/4xxx/CVE-2006-4001.json | 170 +++++++------- 2006/4xxx/CVE-2006-4207.json | 170 +++++++------- 2006/4xxx/CVE-2006-4363.json | 160 ++++++------- 2006/4xxx/CVE-2006-4470.json | 160 ++++++------- 2006/4xxx/CVE-2006-4551.json | 140 +++++------ 2006/4xxx/CVE-2006-4716.json | 150 ++++++------ 2006/6xxx/CVE-2006-6014.json | 120 +++++----- 2006/6xxx/CVE-2006-6087.json | 170 +++++++------- 2006/7xxx/CVE-2006-7103.json | 190 +++++++-------- 2006/7xxx/CVE-2006-7218.json | 140 +++++------ 2010/2xxx/CVE-2010-2256.json | 140 +++++------ 2010/2xxx/CVE-2010-2898.json | 150 ++++++------ 2011/0xxx/CVE-2011-0064.json | 340 +++++++++++++-------------- 2011/0xxx/CVE-2011-0359.json | 34 +-- 2011/0xxx/CVE-2011-0790.json | 120 +++++----- 2011/0xxx/CVE-2011-0809.json | 120 +++++----- 2011/0xxx/CVE-2011-0885.json | 190 +++++++-------- 2011/1xxx/CVE-2011-1303.json | 140 +++++------ 2011/1xxx/CVE-2011-1408.json | 34 +-- 2011/1xxx/CVE-2011-1427.json | 160 ++++++------- 2011/4xxx/CVE-2011-4836.json | 120 +++++----- 2011/5xxx/CVE-2011-5009.json | 180 +++++++-------- 2014/2xxx/CVE-2014-2379.json | 120 +++++----- 2014/2xxx/CVE-2014-2925.json | 160 ++++++------- 2014/3xxx/CVE-2014-3099.json | 160 ++++++------- 2014/3xxx/CVE-2014-3338.json | 170 +++++++------- 2014/3xxx/CVE-2014-3398.json | 120 +++++----- 2014/3xxx/CVE-2014-3885.json | 130 +++++------ 2014/6xxx/CVE-2014-6092.json | 120 +++++----- 2014/6xxx/CVE-2014-6574.json | 130 +++++------ 2014/6xxx/CVE-2014-6838.json | 140 +++++------ 2014/6xxx/CVE-2014-6908.json | 140 +++++------ 2014/6xxx/CVE-2014-6976.json | 140 +++++------ 2014/7xxx/CVE-2014-7242.json | 130 +++++------ 2014/7xxx/CVE-2014-7436.json | 140 +++++------ 2014/7xxx/CVE-2014-7538.json | 140 +++++------ 2014/7xxx/CVE-2014-7606.json | 140 +++++------ 2016/2xxx/CVE-2016-2102.json | 120 +++++----- 2016/2xxx/CVE-2016-2113.json | 410 ++++++++++++++++----------------- 2016/2xxx/CVE-2016-2204.json | 140 +++++------ 2016/2xxx/CVE-2016-2264.json | 34 +-- 2016/2xxx/CVE-2016-2887.json | 130 +++++------ 2017/18xxx/CVE-2017-18008.json | 140 +++++------ 2017/18xxx/CVE-2017-18076.json | 150 ++++++------ 2017/18xxx/CVE-2017-18270.json | 160 ++++++------- 2017/1xxx/CVE-2017-1026.json | 34 +-- 2017/1xxx/CVE-2017-1623.json | 148 ++++++------ 2017/5xxx/CVE-2017-5089.json | 180 +++++++-------- 2017/5xxx/CVE-2017-5829.json | 142 ++++++------ 2017/5xxx/CVE-2017-5879.json | 130 +++++------ 54 files changed, 3943 insertions(+), 3943 deletions(-) diff --git a/2006/0xxx/CVE-2006-0127.json b/2006/0xxx/CVE-2006-0127.json index 10f6004d92f..ba7d0b2ffab 100644 --- a/2006/0xxx/CVE-2006-0127.json +++ b/2006/0xxx/CVE-2006-0127.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060104 Rockliffe Directory Transversal Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040969.html" - }, - { - "name" : "20060105 Re: Rockliffe Directory Transversal Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041039.html" - }, - { - "name" : "http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt", - "refsource" : "MISC", - "url" : "http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt" - }, - { - "name" : "ADV-2006-0055", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0055" - }, - { - "name" : "22229", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22229" - }, - { - "name" : "18318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060104 Rockliffe Directory Transversal Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040969.html" + }, + { + "name": "22229", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22229" + }, + { + "name": "ADV-2006-0055", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0055" + }, + { + "name": "20060105 Re: Rockliffe Directory Transversal Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041039.html" + }, + { + "name": "18318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18318" + }, + { + "name": "http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt", + "refsource": "MISC", + "url": "http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0690.json b/2006/0xxx/CVE-2006-0690.json index d5f879f2c23..ebb4185533b 100644 --- a/2006/0xxx/CVE-2006-0690.json +++ b/2006/0xxx/CVE-2006-0690.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060219 [eVuln] Time Tracking Software Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425505/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/69/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/69/summary.html" - }, - { - "name" : "16630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16630" - }, - { - "name" : "ADV-2006-0524", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0524" - }, - { - "name" : "18854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18854" - }, - { - "name" : "timetracking-multiple-sql-injection(24571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0524", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0524" + }, + { + "name": "http://www.evuln.com/vulns/69/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/69/summary.html" + }, + { + "name": "16630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16630" + }, + { + "name": "20060219 [eVuln] Time Tracking Software Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425505/100/0/threaded" + }, + { + "name": "timetracking-multiple-sql-injection(24571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24571" + }, + { + "name": "18854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18854" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3106.json b/2006/3xxx/CVE-2006-3106.json index f5eef286f1f..4e31935e7ff 100644 --- a/2006/3xxx/CVE-2006-3106.json +++ b/2006/3xxx/CVE-2006-3106.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1016201", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016201" - }, - { - "name" : "phpmydesktop|arcade-index-xss(27345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016201", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016201" + }, + { + "name": "phpmydesktop|arcade-index-xss(27345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27345" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3610.json b/2006/3xxx/CVE-2006-3610.json index 7abbbf5b5b9..f61c133d48f 100644 --- a/2006/3xxx/CVE-2006-3610.json +++ b/2006/3xxx/CVE-2006-3610.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to obtain sensitive information (partial database schema) via a modified page_name parameter, which reflects portions of an SQL query in the result. NOTE: it is not clear whether the information is target-specific. If not, then this issue is not an exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060713 Orbitmatrix PHP Script v1.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439970/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to obtain sensitive information (partial database schema) via a modified page_name parameter, which reflects portions of an SQL query in the result. NOTE: it is not clear whether the information is target-specific. If not, then this issue is not an exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060713 Orbitmatrix PHP Script v1.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439970/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4001.json b/2006/4xxx/CVE-2006-4001.json index 37c04facaf6..bd550884f87 100644 --- a/2006/4xxx/CVE-2006-4001.json +++ b/2006/4xxx/CVE-2006-4001.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060801 Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441857/100/0/threaded" - }, - { - "name" : "20060802 RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442039/100/0/threaded" - }, - { - "name" : "19276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19276" - }, - { - "name" : "ADV-2006-3104", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3104" - }, - { - "name" : "21258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21258" - }, - { - "name" : "barracuda-default-account(28213)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3104", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3104" + }, + { + "name": "20060802 RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442039/100/0/threaded" + }, + { + "name": "21258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21258" + }, + { + "name": "19276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19276" + }, + { + "name": "barracuda-default-account(28213)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28213" + }, + { + "name": "20060801 Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441857/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4207.json b/2006/4xxx/CVE-2006-4207.json index 1351ee1735d..a05ef03a5cd 100644 --- a/2006/4xxx/CVE-2006-4207.json +++ b/2006/4xxx/CVE-2006-4207.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1314/exploit.html", - "refsource" : "MISC", - "url" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1314/exploit.html" - }, - { - "name" : "2188", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2188" - }, - { - "name" : "19532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19532" - }, - { - "name" : "ADV-2006-3295", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3295" - }, - { - "name" : "1016714", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016714" - }, - { - "name" : "discloser-fileloc-file-include(28380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1314/exploit.html", + "refsource": "MISC", + "url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1314/exploit.html" + }, + { + "name": "19532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19532" + }, + { + "name": "ADV-2006-3295", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3295" + }, + { + "name": "2188", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2188" + }, + { + "name": "1016714", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016714" + }, + { + "name": "discloser-fileloc-file-include(28380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28380" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4363.json b/2006/4xxx/CVE-2006-4363.json index 2a91bc16611..575866414dd 100644 --- a/2006/4xxx/CVE-2006-4363.json +++ b/2006/4xxx/CVE-2006-4363.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060819 Mambo com_cropimage 1.0 Component Remote Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443762/100/0/threaded" - }, - { - "name" : "2217", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2217" - }, - { - "name" : "19605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19605" - }, - { - "name" : "1450", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1450" - }, - { - "name" : "cropimage-admincropcanvas-file-include(28465)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1450", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1450" + }, + { + "name": "cropimage-admincropcanvas-file-include(28465)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28465" + }, + { + "name": "19605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19605" + }, + { + "name": "20060819 Mambo com_cropimage 1.0 Component Remote Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443762/100/0/threaded" + }, + { + "name": "2217", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2217" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4470.json b/2006/4xxx/CVE-2006-4470.json index 937e170bc0d..32d06cd863b 100644 --- a/2006/4xxx/CVE-2006-4470.json +++ b/2006/4xxx/CVE-2006-4470.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1841/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1841/78/" - }, - { - "name" : "http://www.joomla.org/content/view/1843/74/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1843/74/" - }, - { - "name" : "ADV-2006-3408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3408" - }, - { - "name" : "21666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21666" - }, - { - "name" : "joomla-multiple-insecure-data(28631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3408" + }, + { + "name": "http://www.joomla.org/content/view/1841/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1841/78/" + }, + { + "name": "21666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21666" + }, + { + "name": "joomla-multiple-insecure-data(28631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28631" + }, + { + "name": "http://www.joomla.org/content/view/1843/74/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1843/74/" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4551.json b/2006/4xxx/CVE-2006-4551.json index 6f6011fea07..563c2ade9a1 100644 --- a/2006/4xxx/CVE-2006-4551.json +++ b/2006/4xxx/CVE-2006-4551.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 feedsplitter considered harmful", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444805/100/0/threaded" - }, - { - "name" : "19779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19779" - }, - { - "name" : "22000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060830 feedsplitter considered harmful", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444805/100/0/threaded" + }, + { + "name": "19779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19779" + }, + { + "name": "22000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22000" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4716.json b/2006/4xxx/CVE-2006-4716.json index c4f77b0244d..8eb9f56b549 100644 --- a/2006/4xxx/CVE-2006-4716.json +++ b/2006/4xxx/CVE-2006-4716.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1446/exploit.html", - "refsource" : "MISC", - "url" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1446/exploit.html" - }, - { - "name" : "2319", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2319" - }, - { - "name" : "19899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19899" - }, - { - "name" : "firesoftboard-demarrage-file-include(28804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1446/exploit.html", + "refsource": "MISC", + "url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1446/exploit.html" + }, + { + "name": "19899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19899" + }, + { + "name": "firesoftboard-demarrage-file-include(28804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28804" + }, + { + "name": "2319", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2319" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6014.json b/2006/6xxx/CVE-2006-6014.json index 164117c8c68..d022f0a9a86 100644 --- a/2006/6xxx/CVE-2006-6014.json +++ b/2006/6xxx/CVE-2006-6014.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[current-users] 20061110 [Security Fix] ptrace insufficient bounds checking", - "refsource" : "MLIST", - "url" : "http://mail-index.netbsd.org/current-users/2006/11/10/0000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[current-users] 20061110 [Security Fix] ptrace insufficient bounds checking", + "refsource": "MLIST", + "url": "http://mail-index.netbsd.org/current-users/2006/11/10/0000.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6087.json b/2006/6xxx/CVE-2006-6087.json index 54c027fd8ed..07c25b3090b 100644 --- a/2006/6xxx/CVE-2006-6087.json +++ b/2006/6xxx/CVE-2006-6087.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061119 my little weblog => Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452183/100/0/threaded" - }, - { - "name" : "21238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21238" - }, - { - "name" : "ADV-2006-4638", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4638" - }, - { - "name" : "22988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22988" - }, - { - "name" : "1919", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1919" - }, - { - "name" : "mylittleweblog-weblog-xss(30434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22988" + }, + { + "name": "mylittleweblog-weblog-xss(30434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30434" + }, + { + "name": "21238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21238" + }, + { + "name": "ADV-2006-4638", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4638" + }, + { + "name": "1919", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1919" + }, + { + "name": "20061119 my little weblog => Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452183/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7103.json b/2006/7xxx/CVE-2006-7103.json index 1639d6b9fa7..68b62125cdc 100644 --- a/2006/7xxx/CVE-2006-7103.json +++ b/2006/7xxx/CVE-2006-7103.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a \"..\" in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a \"..\" in the album or (2) image parameter to (b) image.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061027 MHL-2006-003 Public Advisory: \"ezOnlineGallery\" Multiple Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449889/100/0/threaded" - }, - { - "name" : "20061027 MHL-2006-003 Public Advisory: \"ezOnlineGallery\" Multiple Security Issues", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050364.html" - }, - { - "name" : "http://www.mayhemiclabs.com/advisories/MHL-2006-003.txt", - "refsource" : "MISC", - "url" : "http://www.mayhemiclabs.com/advisories/MHL-2006-003.txt" - }, - { - "name" : "http://www.ezonlinegallery.com/changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.ezonlinegallery.com/changelog.txt" - }, - { - "name" : "20763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20763" - }, - { - "name" : "2362", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2362" - }, - { - "name" : "ezonlinegallery-image-directory-traversal(29836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29836" - }, - { - "name" : "ezonlinegallery-ezgallery-path-disclosure(29835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a \"..\" in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a \"..\" in the album or (2) image parameter to (b) image.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ezonlinegallery.com/changelog.txt", + "refsource": "CONFIRM", + "url": "http://www.ezonlinegallery.com/changelog.txt" + }, + { + "name": "20763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20763" + }, + { + "name": "ezonlinegallery-image-directory-traversal(29836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29836" + }, + { + "name": "20061027 MHL-2006-003 Public Advisory: \"ezOnlineGallery\" Multiple Security Issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449889/100/0/threaded" + }, + { + "name": "http://www.mayhemiclabs.com/advisories/MHL-2006-003.txt", + "refsource": "MISC", + "url": "http://www.mayhemiclabs.com/advisories/MHL-2006-003.txt" + }, + { + "name": "ezonlinegallery-ezgallery-path-disclosure(29835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29835" + }, + { + "name": "20061027 MHL-2006-003 Public Advisory: \"ezOnlineGallery\" Multiple Security Issues", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050364.html" + }, + { + "name": "2362", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2362" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7218.json b/2006/7xxx/CVE-2006-7218.json index d600fde5097..d2b260c450c 100644 --- a/2006/7xxx/CVE-2006-7218.json +++ b/2006/7xxx/CVE-2006-7218.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eZ publish before 3.8.1 does not properly enforce permissions for \"content edit Language\" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_8_1", - "refsource" : "CONFIRM", - "url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_8_1" - }, - { - "name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0", - "refsource" : "CONFIRM", - "url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0" - }, - { - "name" : "http://issues.ez.no/8539", - "refsource" : "CONFIRM", - "url" : "http://issues.ez.no/8539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eZ publish before 3.8.1 does not properly enforce permissions for \"content edit Language\" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_8_1", + "refsource": "CONFIRM", + "url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_8_1" + }, + { + "name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0", + "refsource": "CONFIRM", + "url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0" + }, + { + "name": "http://issues.ez.no/8539", + "refsource": "CONFIRM", + "url": "http://issues.ez.no/8539" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2256.json b/2010/2xxx/CVE-2010-2256.json index 1369f652506..84fdda1f652 100644 --- a/2010/2xxx/CVE-2010-2256.json +++ b/2010/2xxx/CVE-2010-2256.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10983", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10983" - }, - { - "name" : "http://packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt" - }, - { - "name" : "38086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38086" + }, + { + "name": "10983", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10983" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2898.json b/2010/2xxx/CVE-2010-2898.json index 93b002cbc35..6207f99f1d3 100644 --- a/2010/2xxx/CVE-2010-2898.json +++ b/2010/2xxx/CVE-2010-2898.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=48733", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=48733" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html" - }, - { - "name" : "oval:org.mitre.oval:def:12104", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12104" - }, - { - "name" : "40743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12104", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12104" + }, + { + "name": "40743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40743" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=48733", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=48733" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0064.json b/2011/0xxx/CVE-2011-0064.json index 62955056ea2..c402edd215a 100644 --- a/2011/0xxx/CVE-2011-0064.json +++ b/2011/0xxx/CVE-2011-0064.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=606997", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=606997" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=672502", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=672502" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678563", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678563" - }, - { - "name" : "https://build.opensuse.org/request/show/63070", - "refsource" : "CONFIRM", - "url" : "https://build.opensuse.org/request/show/63070" - }, - { - "name" : "DSA-2178", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2178" - }, - { - "name" : "FEDORA-2011-3194", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html" - }, - { - "name" : "MDVSA-2011:040", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040" - }, - { - "name" : "RHSA-2011:0309", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0309.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "USN-1082-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1082-1" - }, - { - "name" : "46632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46632" - }, - { - "name" : "1025145", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025145" - }, - { - "name" : "43559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43559" - }, - { - "name" : "43572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43572" - }, - { - "name" : "43578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43578" - }, - { - "name" : "43800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43800" - }, - { - "name" : "ADV-2011-0543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0543" - }, - { - "name" : "ADV-2011-0555", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0555" - }, - { - "name" : "ADV-2011-0558", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0558" - }, - { - "name" : "ADV-2011-0584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0584" - }, - { - "name" : "ADV-2011-0683", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0683" - }, - { - "name" : "pango-hbbufferensure-bo(65770)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1082-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1082-1" + }, + { + "name": "43578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43578" + }, + { + "name": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=672502", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=672502" + }, + { + "name": "MDVSA-2011:040", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040" + }, + { + "name": "ADV-2011-0543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0543" + }, + { + "name": "ADV-2011-0555", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0555" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678563", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678563" + }, + { + "name": "ADV-2011-0558", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0558" + }, + { + "name": "43800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43800" + }, + { + "name": "pango-hbbufferensure-bo(65770)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770" + }, + { + "name": "https://build.opensuse.org/request/show/63070", + "refsource": "CONFIRM", + "url": "https://build.opensuse.org/request/show/63070" + }, + { + "name": "ADV-2011-0683", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0683" + }, + { + "name": "1025145", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025145" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997" + }, + { + "name": "FEDORA-2011-3194", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html" + }, + { + "name": "43559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43559" + }, + { + "name": "43572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43572" + }, + { + "name": "ADV-2011-0584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0584" + }, + { + "name": "46632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46632" + }, + { + "name": "RHSA-2011:0309", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0309.html" + }, + { + "name": "DSA-2178", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2178" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0359.json b/2011/0xxx/CVE-2011-0359.json index f522f0245cd..f795c74079f 100644 --- a/2011/0xxx/CVE-2011-0359.json +++ b/2011/0xxx/CVE-2011-0359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0359", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0359", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0790.json b/2011/0xxx/CVE-2011-0790.json index bf0fa55a37f..d5e0b8beb1e 100644 --- a/2011/0xxx/CVE-2011-0790.json +++ b/2011/0xxx/CVE-2011-0790.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0809.json b/2011/0xxx/CVE-2011-0809.json index e7a29b76cc8..336b5427ca9 100644 --- a/2011/0xxx/CVE-2011-0809.json +++ b/2011/0xxx/CVE-2011-0809.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0885.json b/2011/0xxx/CVE-2011-0885.json index c645c16dcd0..f3396ce19a5 100644 --- a/2011/0xxx/CVE-2011-0885.json +++ b/2011/0xxx/CVE-2011-0885.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110204 TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2011/Feb/36" - }, - { - "name" : "20110205 TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516205/100/0/threaded" - }, - { - "name" : "16123", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16123/" - }, - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt" - }, - { - "name" : "46215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46215" - }, - { - "name" : "43199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43199" - }, - { - "name" : "8066", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8066" - }, - { - "name" : "smcd3gccr-default-password(65184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8066", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8066" + }, + { + "name": "20110204 TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2011/Feb/36" + }, + { + "name": "43199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43199" + }, + { + "name": "46215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46215" + }, + { + "name": "16123", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16123/" + }, + { + "name": "20110205 TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516205/100/0/threaded" + }, + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt" + }, + { + "name": "smcd3gccr-default-password(65184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65184" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1303.json b/2011/1xxx/CVE-2011-1303.json index 8866755ce29..5270af88e0c 100644 --- a/2011/1xxx/CVE-2011-1303.json +++ b/2011/1xxx/CVE-2011-1303.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=61502", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=61502" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:13705", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=61502", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=61502" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" + }, + { + "name": "oval:org.mitre.oval:def:13705", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13705" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1408.json b/2011/1xxx/CVE-2011-1408.json index 94fbfac867e..a0ebaf4e235 100644 --- a/2011/1xxx/CVE-2011-1408.json +++ b/2011/1xxx/CVE-2011-1408.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1408", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1408", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1427.json b/2011/1xxx/CVE-2011-1427.json index dc18048cdb2..39c1caa43c9 100644 --- a/2011/1xxx/CVE-2011-1427.json +++ b/2011/1xxx/CVE-2011-1427.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110307 InSite Troubleshooting Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516880/100/0/threaded" - }, - { - "name" : "20110307 Kodak InSite Login Page Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516881/100/0/threaded" - }, - { - "name" : "46762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46762" - }, - { - "name" : "8135", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8135" - }, - { - "name" : "kodakinsite-multiple-xss(65941)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110307 Kodak InSite Login Page Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516881/100/0/threaded" + }, + { + "name": "46762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46762" + }, + { + "name": "20110307 InSite Troubleshooting Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516880/100/0/threaded" + }, + { + "name": "kodakinsite-multiple-xss(65941)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65941" + }, + { + "name": "8135", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8135" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4836.json b/2011/4xxx/CVE-2011-4836.json index c7ec0c75694..0e2a4851d79 100644 --- a/2011/4xxx/CVE-2011-4836.json +++ b/2011/4xxx/CVE-2011-4836.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#796883", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/796883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#796883", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/796883" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5009.json b/2011/5xxx/CVE-2011-5009.json index eb1b8b79bb0..cd1bb0bf4ad 100644 --- a/2011/5xxx/CVE-2011-5009.json +++ b/2011/5xxx/CVE-2011-5009.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2011/Nov/178" - }, - { - "name" : "http://aluigi.altervista.org/adv/codesys_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/codesys_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf" - }, - { - "name" : "77388", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77388" - }, - { - "name" : "77389", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77389" - }, - { - "name" : "47018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47018" - }, - { - "name" : "codesys-cmpwebserver-dos(71533)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf" + }, + { + "name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2011/Nov/178" + }, + { + "name": "47018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47018" + }, + { + "name": "http://aluigi.altervista.org/adv/codesys_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt" + }, + { + "name": "77388", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77388" + }, + { + "name": "codesys-cmpwebserver-dos(71533)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71533" + }, + { + "name": "77389", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77389" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2379.json b/2014/2xxx/CVE-2014-2379.json index 307333a2a70..dcae97def68 100644 --- a/2014/2xxx/CVE-2014-2379.json +++ b/2014/2xxx/CVE-2014-2379.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2925.json b/2014/2xxx/CVE-2014-2925.json index 58d006e4b4c..23f8935e8b3 100644 --- a/2014/2xxx/CVE-2014-2925.json +++ b/2014/2xxx/CVE-2014-2925.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140404 Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/59" - }, - { - "name" : "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29", - "refsource" : "CONFIRM", - "url" : "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29" - }, - { - "name" : "http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/", - "refsource" : "CONFIRM", - "url" : "http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/" - }, - { - "name" : "https://support.t-mobile.com/docs/DOC-21994", - "refsource" : "CONFIRM", - "url" : "https://support.t-mobile.com/docs/DOC-21994" - }, - { - "name" : "66669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140404 Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/59" + }, + { + "name": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29", + "refsource": "CONFIRM", + "url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29" + }, + { + "name": "http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/", + "refsource": "CONFIRM", + "url": "http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/" + }, + { + "name": "https://support.t-mobile.com/docs/DOC-21994", + "refsource": "CONFIRM", + "url": "https://support.t-mobile.com/docs/DOC-21994" + }, + { + "name": "66669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66669" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3099.json b/2014/3xxx/CVE-2014-3099.json index 0dad9fe046e..35843a87e8a 100644 --- a/2014/3xxx/CVE-2014-3099.json +++ b/2014/3xxx/CVE-2014-3099.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas76c9e0fe437973f6c86257d48003b00b9", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas76c9e0fe437973f6c86257d48003b00b9" - }, - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096586", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096586" - }, - { - "name" : "IT04508", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04508" - }, - { - "name" : "71426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71426" - }, - { - "name" : "ibm-systemsdirector-cve20143099-info-disc(94267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas76c9e0fe437973f6c86257d48003b00b9", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas76c9e0fe437973f6c86257d48003b00b9" + }, + { + "name": "71426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71426" + }, + { + "name": "ibm-systemsdirector-cve20143099-info-disc(94267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94267" + }, + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096586", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096586" + }, + { + "name": "IT04508", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04508" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3338.json b/2014/3xxx/CVE-2014-3338.json index 4509203fefd..54966175355 100644 --- a/2014/3xxx/CVE-2014-3338.json +++ b/2014/3xxx/CVE-2014-3338.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258" - }, - { - "name" : "20140811 Cisco Unified Communications Manager CTIManager Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338" - }, - { - "name" : "69176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69176" - }, - { - "name" : "1030710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030710" - }, - { - "name" : "60054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60054" - }, - { - "name" : "cucm-cve20143338-command-exec(95246)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60054" + }, + { + "name": "20140811 Cisco Unified Communications Manager CTIManager Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338" + }, + { + "name": "cucm-cve20143338-command-exec(95246)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95246" + }, + { + "name": "1030710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030710" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258" + }, + { + "name": "69176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69176" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3398.json b/2014/3xxx/CVE-2014-3398.json index 30385f39acf..d30e6d8d6b7 100644 --- a/2014/3xxx/CVE-2014-3398.json +++ b/2014/3xxx/CVE-2014-3398.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141003 Cisco ASA Software Version Information Disclosure", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141003 Cisco ASA Software Version Information Disclosure", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3398" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3885.json b/2014/3xxx/CVE-2014-3885.json index 6cee48099c4..f20a0f1478c 100644 --- a/2014/3xxx/CVE-2014-3885.json +++ b/2014/3xxx/CVE-2014-3885.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#49974594", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN49974594/index.html" - }, - { - "name" : "JVNDB-2014-000059", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000059", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" + }, + { + "name": "JVN#49974594", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN49974594/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6092.json b/2014/6xxx/CVE-2014-6092.json index c838246ff12..e5945a35c34 100644 --- a/2014/6xxx/CVE-2014-6092.json +++ b/2014/6xxx/CVE-2014-6092.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697742", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697742", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697742" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6574.json b/2014/6xxx/CVE-2014-6574.json index 4d92637052d..1678b49c24b 100644 --- a/2014/6xxx/CVE-2014-6574.json +++ b/2014/6xxx/CVE-2014-6574.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031576" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6838.json b/2014/6xxx/CVE-2014-6838.json index f4e9c8068f8..a10d264228a 100644 --- a/2014/6xxx/CVE-2014-6838.json +++ b/2014/6xxx/CVE-2014-6838.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#167577", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/167577" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#167577", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/167577" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6908.json b/2014/6xxx/CVE-2014-6908.json index b068da9f3f6..0e6d544a268 100644 --- a/2014/6xxx/CVE-2014-6908.json +++ b/2014/6xxx/CVE-2014-6908.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Forum IC (aka com.tapatalk.forumimmigrercom) application 3.3.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#948753", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/948753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Forum IC (aka com.tapatalk.forumimmigrercom) application 3.3.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#948753", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/948753" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6976.json b/2014/6xxx/CVE-2014-6976.json index 8af23095cb9..0dc0b19e231 100644 --- a/2014/6xxx/CVE-2014-6976.json +++ b/2014/6xxx/CVE-2014-6976.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Aeroexpress (aka ru.lynx.aero) application 2.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#648145", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/648145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Aeroexpress (aka ru.lynx.aero) application 2.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#648145", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/648145" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7242.json b/2014/7xxx/CVE-2014-7242.json index 13506a1c050..82be8e87558 100644 --- a/2014/7xxx/CVE-2014-7242.json +++ b/2014/7xxx/CVE-2014-7242.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SumaHo application 3.0.0 and earlier for Android and the SumaHo \"driving capability\" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#27388160", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN27388160/index.html" - }, - { - "name" : "JVNDB-2014-000125", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000125.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SumaHo application 3.0.0 and earlier for Android and the SumaHo \"driving capability\" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#27388160", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN27388160/index.html" + }, + { + "name": "JVNDB-2014-000125", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000125.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7436.json b/2014/7xxx/CVE-2014-7436.json index d28249b2562..6097a410afc 100644 --- a/2014/7xxx/CVE-2014-7436.json +++ b/2014/7xxx/CVE-2014-7436.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SOS recette (aka com.sos.recette) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#247745", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/247745" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SOS recette (aka com.sos.recette) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#247745", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/247745" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7538.json b/2014/7xxx/CVE-2014-7538.json index 4cc88669669..eca6b1debf6 100644 --- a/2014/7xxx/CVE-2014-7538.json +++ b/2014/7xxx/CVE-2014-7538.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application 0.21.13219.95110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#323425", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/323425" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application 0.21.13219.95110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#323425", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/323425" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7606.json b/2014/7xxx/CVE-2014-7606.json index f7dadaf12d2..eabafb879be 100644 --- a/2014/7xxx/CVE-2014-7606.json +++ b/2014/7xxx/CVE-2014-7606.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Concursive (aka com.concursive.app) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#468009", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/468009" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Concursive (aka com.concursive.app) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#468009", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/468009" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2102.json b/2016/2xxx/CVE-2016-2102.json index 3f9c1c32ef0..64595507d94 100644 --- a/2016/2xxx/CVE-2016-2102.json +++ b/2016/2xxx/CVE-2016-2102.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311145", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311145", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311145" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2113.json b/2016/2xxx/CVE-2016-2113.json index df5a5191380..b480a6c87db 100644 --- a/2016/2xxx/CVE-2016-2113.json +++ b/2016/2xxx/CVE-2016-2113.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://badlock.org/", - "refsource" : "MISC", - "url" : "http://badlock.org/" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2016-2113.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2016-2113.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "https://www.samba.org/samba/history/samba-4.2.10.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/history/samba-4.2.10.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa122", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa122" - }, - { - "name" : "https://www.samba.org/samba/latest_news.html#4.4.2", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/latest_news.html#4.4.2" - }, - { - "name" : "DSA-3548", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3548" - }, - { - "name" : "FEDORA-2016-383fce04e2", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html" - }, - { - "name" : "FEDORA-2016-48b3761baa", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html" - }, - { - "name" : "FEDORA-2016-be53260726", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html" - }, - { - "name" : "GLSA-201612-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-47" - }, - { - "name" : "RHSA-2016:0614", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0614.html" - }, - { - "name" : "RHSA-2016:0618", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0618.html" - }, - { - "name" : "RHSA-2016:0620", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0620.html" - }, - { - "name" : "RHSA-2016:0612", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0612.html" - }, - { - "name" : "SSA:2016-106-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012" - }, - { - "name" : "SUSE-SU-2016:1022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:1023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html" - }, - { - "name" : "SUSE-SU-2016:1024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html" - }, - { - "name" : "SUSE-SU-2016:1028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:1025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "USN-2950-5", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-5" - }, - { - "name" : "USN-2950-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-3" - }, - { - "name" : "USN-2950-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-4" - }, - { - "name" : "USN-2950-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-1" - }, - { - "name" : "USN-2950-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-2" - }, - { - "name" : "1035533", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2016-106-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012" + }, + { + "name": "SUSE-SU-2016:1022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html" + }, + { + "name": "RHSA-2016:0612", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0612.html" + }, + { + "name": "USN-2950-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-1" + }, + { + "name": "SUSE-SU-2016:1028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html" + }, + { + "name": "http://badlock.org/", + "refsource": "MISC", + "url": "http://badlock.org/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "openSUSE-SU-2016:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" + }, + { + "name": "USN-2950-5", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-5" + }, + { + "name": "https://www.samba.org/samba/history/samba-4.2.10.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/history/samba-4.2.10.html" + }, + { + "name": "FEDORA-2016-be53260726", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html" + }, + { + "name": "RHSA-2016:0618", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0618.html" + }, + { + "name": "SUSE-SU-2016:1024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html" + }, + { + "name": "SUSE-SU-2016:1023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html" + }, + { + "name": "https://www.samba.org/samba/latest_news.html#4.4.2", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/latest_news.html#4.4.2" + }, + { + "name": "1035533", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035533" + }, + { + "name": "FEDORA-2016-48b3761baa", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html" + }, + { + "name": "RHSA-2016:0614", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0614.html" + }, + { + "name": "openSUSE-SU-2016:1025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html" + }, + { + "name": "RHSA-2016:0620", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0620.html" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa122", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa122" + }, + { + "name": "USN-2950-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-3" + }, + { + "name": "FEDORA-2016-383fce04e2", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "GLSA-201612-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-47" + }, + { + "name": "DSA-3548", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3548" + }, + { + "name": "USN-2950-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-2" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2016-2113.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2016-2113.html" + }, + { + "name": "USN-2950-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-4" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2204.json b/2016/2xxx/CVE-2016-2204.json index 61d01e0a972..f82d567aa4b 100644 --- a/2016/2xxx/CVE-2016-2204.json +++ b/2016/2xxx/CVE-2016-2204.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2016-2204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00" - }, - { - "name" : "86138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/86138" - }, - { - "name" : "1035609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/86138" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00" + }, + { + "name": "1035609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035609" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2264.json b/2016/2xxx/CVE-2016-2264.json index 778cefad6d3..16bbe137905 100644 --- a/2016/2xxx/CVE-2016-2264.json +++ b/2016/2xxx/CVE-2016-2264.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2264", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2264", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2887.json b/2016/2xxx/CVE-2016-2887.json index 5b06be9c9d0..fcddb171e11 100644 --- a/2016/2xxx/CVE-2016-2887.json +++ b/2016/2xxx/CVE-2016-2887.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982967", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982967" - }, - { - "name" : "94611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94611" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982967", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982967" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18008.json b/2017/18xxx/CVE-2017-18008.json index 71df06dbbb0..8393eeae6b8 100644 --- a/2017/18xxx/CVE-2017-18008.json +++ b/2017/18xxx/CVE-2017-18008.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/921", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/921" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "102346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/921", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/921" + }, + { + "name": "102346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102346" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18076.json b/2017/18xxx/CVE-2017-18076.json index f51c736bab7..78bb33f7dd5 100644 --- a/2017/18xxx/CVE-2017-18076.json +++ b/2017/18xxx/CVE-2017-18076.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/888523", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/888523" - }, - { - "name" : "https://github.com/omniauth/omniauth/pull/867", - "refsource" : "CONFIRM", - "url" : "https://github.com/omniauth/omniauth/pull/867" - }, - { - "name" : "https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b", - "refsource" : "CONFIRM", - "url" : "https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b" - }, - { - "name" : "DSA-4109", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/omniauth/omniauth/pull/867", + "refsource": "CONFIRM", + "url": "https://github.com/omniauth/omniauth/pull/867" + }, + { + "name": "DSA-4109", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4109" + }, + { + "name": "https://bugs.debian.org/888523", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/888523" + }, + { + "name": "https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b", + "refsource": "CONFIRM", + "url": "https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18270.json b/2017/18xxx/CVE-2017-18270.json index 4e5c0c2c532..60af25a6310 100644 --- a/2017/18xxx/CVE-2017-18270.json +++ b/2017/18xxx/CVE-2017-18270.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3" - }, - { - "name" : "https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "104254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5" + }, + { + "name": "104254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104254" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1026.json b/2017/1xxx/CVE-2017-1026.json index caf63a4a7ec..b5d58d61e5f 100644 --- a/2017/1xxx/CVE-2017-1026.json +++ b/2017/1xxx/CVE-2017-1026.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1026", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1026", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1623.json b/2017/1xxx/CVE-2017-1623.json index bc6bb5a7480..7cdec113a6b 100644 --- a/2017/1xxx/CVE-2017-1623.json +++ b/2017/1xxx/CVE-2017-1623.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-05T00:00:00", - "ID" : "CVE-2017-1623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-05T00:00:00", + "ID": "CVE-2017-1623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133121", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133121" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012344", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012344" - }, - { - "name" : "102476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133121", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133121" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012344", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012344" + }, + { + "name": "102476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102476" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5089.json b/2017/5xxx/CVE-2017-5089.json index e12ca0af305..18d3b02e84f 100644 --- a/2017/5xxx/CVE-2017-5089.json +++ b/2017/5xxx/CVE-2017-5089.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.104 for Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.104 for Mac" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient Policy Enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.104 for Mac", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.104 for Mac" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html" - }, - { - "name" : "https://crbug.com/714196", - "refsource" : "MISC", - "url" : "https://crbug.com/714196" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1495", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1495" - }, - { - "name" : "99096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99096" - }, - { - "name" : "1038765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Policy Enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/714196", + "refsource": "MISC", + "url": "https://crbug.com/714196" + }, + { + "name": "1038765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038765" + }, + { + "name": "99096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99096" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "RHSA-2017:1495", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1495" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5829.json b/2017/5xxx/CVE-2017-5829.json index 93a709457b1..a19a6691fc1 100644 --- a/2017/5xxx/CVE-2017-5829.json +++ b/2017/5xxx/CVE-2017-5829.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-05-25T00:00:00", - "ID" : "CVE-2017-5829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aruba ClearPass Policy Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.6.x" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "access restriction bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-05-25T00:00:00", + "ID": "CVE-2017-5829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_value": "6.6.x" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt" - }, - { - "name" : "98722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "access restriction bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt" + }, + { + "name": "98722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98722" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5879.json b/2017/5xxx/CVE-2017-5879.json index df1899f9dbd..e12541e1eff 100644 --- a/2017/5xxx/CVE-2017-5879.json +++ b/2017/5xxx/CVE-2017-5879.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/exponentcms/exponent-cms/issues/73", - "refsource" : "MISC", - "url" : "https://github.com/exponentcms/exponent-cms/issues/73" - }, - { - "name" : "96039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/exponentcms/exponent-cms/issues/73", + "refsource": "MISC", + "url": "https://github.com/exponentcms/exponent-cms/issues/73" + }, + { + "name": "96039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96039" + } + ] + } +} \ No newline at end of file