From f9989d5570ac73dd555087c6242ddf416cff00f3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:27:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/1xxx/CVE-2001-1534.json | 140 ++++----- 2006/2xxx/CVE-2006-2089.json | 150 ++++----- 2006/2xxx/CVE-2006-2775.json | 550 ++++++++++++++++----------------- 2006/2xxx/CVE-2006-2921.json | 150 ++++----- 2006/2xxx/CVE-2006-2950.json | 200 ++++++------ 2006/2xxx/CVE-2006-2988.json | 170 +++++----- 2006/3xxx/CVE-2006-3042.json | 160 +++++----- 2006/3xxx/CVE-2006-3201.json | 210 ++++++------- 2006/3xxx/CVE-2006-3585.json | 200 ++++++------ 2006/6xxx/CVE-2006-6044.json | 180 +++++------ 2006/6xxx/CVE-2006-6391.json | 120 +++---- 2006/6xxx/CVE-2006-6468.json | 130 ++++---- 2006/6xxx/CVE-2006-6772.json | 330 ++++++++++---------- 2006/7xxx/CVE-2006-7039.json | 160 +++++----- 2011/0xxx/CVE-2011-0232.json | 170 +++++----- 2011/0xxx/CVE-2011-0380.json | 150 ++++----- 2011/0xxx/CVE-2011-0631.json | 34 +- 2011/0xxx/CVE-2011-0665.json | 220 ++++++------- 2011/0xxx/CVE-2011-0881.json | 130 ++++---- 2011/0xxx/CVE-2011-0899.json | 170 +++++----- 2011/0xxx/CVE-2011-0903.json | 140 ++++----- 2011/1xxx/CVE-2011-1877.json | 190 ++++++------ 2011/2xxx/CVE-2011-2526.json | 450 +++++++++++++-------------- 2011/3xxx/CVE-2011-3161.json | 130 ++++---- 2011/3xxx/CVE-2011-3382.json | 140 ++++----- 2011/3xxx/CVE-2011-3386.json | 190 ++++++------ 2011/4xxx/CVE-2011-4022.json | 120 +++---- 2011/4xxx/CVE-2011-4360.json | 170 +++++----- 2011/4xxx/CVE-2011-4519.json | 130 ++++---- 2011/4xxx/CVE-2011-4616.json | 200 ++++++------ 2013/5xxx/CVE-2013-5123.json | 34 +- 2013/5xxx/CVE-2013-5391.json | 130 ++++---- 2013/5xxx/CVE-2013-5751.json | 180 +++++------ 2013/5xxx/CVE-2013-5753.json | 34 +- 2013/5xxx/CVE-2013-5766.json | 130 ++++---- 2014/2xxx/CVE-2014-2139.json | 130 ++++---- 2014/2xxx/CVE-2014-2167.json | 120 +++---- 2014/2xxx/CVE-2014-2243.json | 170 +++++----- 2014/2xxx/CVE-2014-2273.json | 150 ++++----- 2014/6xxx/CVE-2014-6244.json | 34 +- 2014/6xxx/CVE-2014-6279.json | 34 +- 2014/6xxx/CVE-2014-6289.json | 140 ++++----- 2014/6xxx/CVE-2014-6759.json | 140 ++++----- 2014/7xxx/CVE-2014-7315.json | 140 ++++----- 2014/7xxx/CVE-2014-7637.json | 34 +- 2017/0xxx/CVE-2017-0269.json | 150 ++++----- 2017/0xxx/CVE-2017-0289.json | 150 ++++----- 2017/0xxx/CVE-2017-0448.json | 140 ++++----- 2017/0xxx/CVE-2017-0656.json | 34 +- 2017/18xxx/CVE-2017-18325.json | 34 +- 2017/1xxx/CVE-2017-1064.json | 34 +- 2017/1xxx/CVE-2017-1178.json | 140 ++++----- 2017/1xxx/CVE-2017-1222.json | 140 ++++----- 2017/1xxx/CVE-2017-1669.json | 154 ++++----- 2017/1xxx/CVE-2017-1685.json | 34 +- 2017/4xxx/CVE-2017-4345.json | 34 +- 2017/5xxx/CVE-2017-5639.json | 34 +- 57 files changed, 4131 insertions(+), 4131 deletions(-) diff --git a/2001/1xxx/CVE-2001-1534.json b/2001/1xxx/CVE-2001-1534.json index 00adc925292..42622bb4a49 100644 --- a/2001/1xxx/CVE-2001-1534.json +++ b/2001/1xxx/CVE-2001-1534.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011113 Brute-Forcing Web Application Session IDs", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html" - }, - { - "name" : "3521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3521" - }, - { - "name" : "apache-modusertrack-predicticable-sessionid(7494)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7494.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3521" + }, + { + "name": "apache-modusertrack-predicticable-sessionid(7494)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7494.php" + }, + { + "name": "20011113 Brute-Forcing Web Application Session IDs", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2089.json b/2006/2xxx/CVE-2006-2089.json index 6b74cae55a7..246e12dec06 100644 --- a/2006/2xxx/CVE-2006-2089.json +++ b/2006/2xxx/CVE-2006-2089.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060426 MySmartBB<---v 1.1.x SQL Injection/XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432095/100/0/threaded" - }, - { - "name" : "17707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17707" - }, - { - "name" : "807", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/807" - }, - { - "name" : "mysmartbb-misc-xss(26089)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mysmartbb-misc-xss(26089)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26089" + }, + { + "name": "20060426 MySmartBB<---v 1.1.x SQL Injection/XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432095/100/0/threaded" + }, + { + "name": "17707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17707" + }, + { + "name": "807", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/807" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2775.json b/2006/2xxx/CVE-2006-2775.json index fc865ca82d5..72abb2a338a 100644 --- a/2006/2xxx/CVE-2006-2775.json +++ b/2006/2xxx/CVE-2006-2775.json @@ -1,277 +1,277 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 rPSA-2006-0091-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435795/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-35.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-35.html" - }, - { - "name" : "DSA-1118", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1118" - }, - { - "name" : "DSA-1120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1120" - }, - { - "name" : "DSA-1134", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1134" - }, - { - "name" : "GLSA-200606-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" - }, - { - "name" : "GLSA-200606-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "SUSE-SA:2006:035", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" - }, - { - "name" : "USN-296-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-1/" - }, - { - "name" : "USN-297-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/297-1/" - }, - { - "name" : "USN-296-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-2/" - }, - { - "name" : "USN-297-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/297-3/" - }, - { - "name" : "USN-323-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/323-1/" - }, - { - "name" : "VU#243153", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/243153" - }, - { - "name" : "TA06-153A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-153A.html" - }, - { - "name" : "18228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18228" - }, - { - "name" : "ADV-2006-2106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2106" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016202", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016202" - }, - { - "name" : "1016214", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016214" - }, - { - "name" : "20376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20376" - }, - { - "name" : "20382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20382" - }, - { - "name" : "20561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20561" - }, - { - "name" : "20709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20709" - }, - { - "name" : "21183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21183" - }, - { - "name" : "21176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21176" - }, - { - "name" : "21178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21178" - }, - { - "name" : "21188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21188" - }, - { - "name" : "21210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21210" - }, - { - "name" : "21324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21324" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-xul-code-execution(26846)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20709" + }, + { + "name": "21176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21176" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "USN-297-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/297-3/" + }, + { + "name": "USN-296-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-1/" + }, + { + "name": "USN-323-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/323-1/" + }, + { + "name": "20561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20561" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-35.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-35.html" + }, + { + "name": "TA06-153A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-153A.html" + }, + { + "name": "21210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21210" + }, + { + "name": "20382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20382" + }, + { + "name": "1016214", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016214" + }, + { + "name": "20060602 rPSA-2006-0091-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "20376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20376" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "21178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21178" + }, + { + "name": "1016202", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016202" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "18228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18228" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "21188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21188" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "USN-296-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-2/" + }, + { + "name": "GLSA-200606-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml" + }, + { + "name": "DSA-1118", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1118" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "VU#243153", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/243153" + }, + { + "name": "DSA-1120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1120" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "DSA-1134", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1134" + }, + { + "name": "GLSA-200606-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" + }, + { + "name": "21324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21324" + }, + { + "name": "21183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21183" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "SUSE-SA:2006:035", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" + }, + { + "name": "USN-297-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/297-1/" + }, + { + "name": "mozilla-xul-code-execution(26846)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26846" + }, + { + "name": "ADV-2006-2106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2106" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2921.json b/2006/2xxx/CVE-2006-2921.json index 8bc21082d59..5230971aae1 100644 --- a/2006/2xxx/CVE-2006-2921.json +++ b/2006/2xxx/CVE-2006-2921.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sx02.coresec.de/advisories/149.txt", - "refsource" : "MISC", - "url" : "http://sx02.coresec.de/advisories/149.txt" - }, - { - "name" : "ADV-2006-2166", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2166" - }, - { - "name" : "20480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20480" - }, - { - "name" : "cmpro-header-file-include(27058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sx02.coresec.de/advisories/149.txt", + "refsource": "MISC", + "url": "http://sx02.coresec.de/advisories/149.txt" + }, + { + "name": "20480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20480" + }, + { + "name": "ADV-2006-2166", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2166" + }, + { + "name": "cmpro-header-file-include(27058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27058" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2950.json b/2006/2xxx/CVE-2006-2950.json index ea285837463..9b8c329465d 100644 --- a/2006/2xxx/CVE-2006-2950.json +++ b/2006/2xxx/CVE-2006-2950.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060608 NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436442/100/0/threaded" - }, - { - "name" : "http://www.acid-root.new.fr/advisories/npds510.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/npds510.txt" - }, - { - "name" : "ADV-2006-2233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2233" - }, - { - "name" : "26287", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26287" - }, - { - "name" : "26288", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26288" - }, - { - "name" : "26289", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26289" - }, - { - "name" : "20523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20523" - }, - { - "name" : "1076", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1076" - }, - { - "name" : "npds-multiple-scripts-path-disclosure(27124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26289", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26289" + }, + { + "name": "20523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20523" + }, + { + "name": "26287", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26287" + }, + { + "name": "1076", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1076" + }, + { + "name": "26288", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26288" + }, + { + "name": "npds-multiple-scripts-path-disclosure(27124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27124" + }, + { + "name": "20060608 NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436442/100/0/threaded" + }, + { + "name": "ADV-2006-2233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2233" + }, + { + "name": "http://www.acid-root.new.fr/advisories/npds510.txt", + "refsource": "MISC", + "url": "http://www.acid-root.new.fr/advisories/npds510.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2988.json b/2006/2xxx/CVE-2006-2988.json index 08eb538645d..bdca173be59 100644 --- a/2006/2xxx/CVE-2006-2988.json +++ b/2006/2xxx/CVE-2006-2988.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060608 Chemical Directory - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436412/100/0/threaded" - }, - { - "name" : "18337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18337" - }, - { - "name" : "ADV-2006-2235", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2235" - }, - { - "name" : "20540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20540" - }, - { - "name" : "1083", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1083" - }, - { - "name" : "chemicaldictionary-keyword-xss(27025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060608 Chemical Directory - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436412/100/0/threaded" + }, + { + "name": "chemicaldictionary-keyword-xss(27025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27025" + }, + { + "name": "18337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18337" + }, + { + "name": "ADV-2006-2235", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2235" + }, + { + "name": "20540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20540" + }, + { + "name": "1083", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1083" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3042.json b/2006/3xxx/CVE-2006-3042.json index 4ae4b540012..47eac35a17e 100644 --- a/2006/3xxx/CVE-2006-3042.json +++ b/2006/3xxx/CVE-2006-3042.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher \"reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 [FSA016] ISPConfig 2.2.3, File inclusion vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437117/100/0/threaded" - }, - { - "name" : "20060616 Re: [FSA016] ISPConfig 2.2.3, File inclusion vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437415/100/100/threaded" - }, - { - "name" : "18441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18441" - }, - { - "name" : "27474", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27474" - }, - { - "name" : "1098", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher \"reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27474", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27474" + }, + { + "name": "20060616 Re: [FSA016] ISPConfig 2.2.3, File inclusion vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437415/100/100/threaded" + }, + { + "name": "18441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18441" + }, + { + "name": "20060614 [FSA016] ISPConfig 2.2.3, File inclusion vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437117/100/0/threaded" + }, + { + "name": "1098", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1098" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3201.json b/2006/3xxx/CVE-2006-3201.json index 9514051b190..361cd2714a1 100644 --- a/2006/3xxx/CVE-2006-3201.json +++ b/2006/3xxx/CVE-2006-3201.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02127", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438153/100/0/threaded" - }, - { - "name" : "SSRT051056", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438153/100/0/threaded" - }, - { - "name" : "18603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18603" - }, - { - "name" : "oval:org.mitre.oval:def:5746", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5746" - }, - { - "name" : "ADV-2006-2525", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2525" - }, - { - "name" : "26873", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26873" - }, - { - "name" : "1016363", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016363" - }, - { - "name" : "20809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20809" - }, - { - "name" : "1131", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1131" - }, - { - "name" : "hpux-kernel-local-dos(27358)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2525", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2525" + }, + { + "name": "1131", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1131" + }, + { + "name": "1016363", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016363" + }, + { + "name": "18603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18603" + }, + { + "name": "20809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20809" + }, + { + "name": "26873", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26873" + }, + { + "name": "hpux-kernel-local-dos(27358)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27358" + }, + { + "name": "SSRT051056", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438153/100/0/threaded" + }, + { + "name": "HPSBUX02127", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438153/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:5746", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5746" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3585.json b/2006/3xxx/CVE-2006-3585.json index f896f6b1188..15382b6aa84 100644 --- a/2006/3xxx/CVE-2006-3585.json +++ b/2006/3xxx/CVE-2006-3585.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the \"Supply news\" page in formmail.php, (3) the URL in the \"Site statistics\" page, and the (5) query_string parameter when performing a search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-3585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060802 Secunia Research: Jetbox Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441980/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-57/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-57/advisory/" - }, - { - "name" : "19303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19303" - }, - { - "name" : "27712", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27712" - }, - { - "name" : "27713", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27713" - }, - { - "name" : "27714", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27714" - }, - { - "name" : "20889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20889" - }, - { - "name" : "1339", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1339" - }, - { - "name" : "jetboxcms-index-xss(28164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the \"Supply news\" page in formmail.php, (3) the URL in the \"Site statistics\" page, and the (5) query_string parameter when performing a search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27714", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27714" + }, + { + "name": "27713", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27713" + }, + { + "name": "19303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19303" + }, + { + "name": "27712", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27712" + }, + { + "name": "20060802 Secunia Research: Jetbox Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441980/100/0/threaded" + }, + { + "name": "1339", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1339" + }, + { + "name": "http://secunia.com/secunia_research/2006-57/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-57/advisory/" + }, + { + "name": "20889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20889" + }, + { + "name": "jetboxcms-index-xss(28164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28164" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6044.json b/2006/6xxx/CVE-2006-6044.json index 133d8854578..d79120c491b 100644 --- a/2006/6xxx/CVE-2006-6044.json +++ b/2006/6xxx/CVE-2006-6044.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061120 PhpQuickGallery <= 1.9 Remote File Inclusion Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452104/100/100/threaded" - }, - { - "name" : "2814", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2814" - }, - { - "name" : "21181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21181" - }, - { - "name" : "ADV-2006-4597", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4597" - }, - { - "name" : "1017256", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017256" - }, - { - "name" : "22989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22989" - }, - { - "name" : "phpquickgallery-gallerytop-file-include(30391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpquickgallery-gallerytop-file-include(30391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30391" + }, + { + "name": "1017256", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017256" + }, + { + "name": "22989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22989" + }, + { + "name": "20061120 PhpQuickGallery <= 1.9 Remote File Inclusion Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452104/100/100/threaded" + }, + { + "name": "21181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21181" + }, + { + "name": "2814", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2814" + }, + { + "name": "ADV-2006-4597", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4597" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6391.json b/2006/6xxx/CVE-2006-6391.json index a5e47ff7b63..9f4e8f3515b 100644 --- a/2006/6xxx/CVE-2006-6391.json +++ b/2006/6xxx/CVE-2006-6391.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23168" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6468.json b/2006/6xxx/CVE-2006-6468.json index 78fd1d4373d..1fca5439c3e 100644 --- a/2006/6xxx/CVE-2006-6468.json +++ b/2006/6xxx/CVE-2006-6468.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a \"Validate Repository SSL Certificate\" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a \"Validate Repository SSL Certificate\" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6772.json b/2006/6xxx/CVE-2006-6772.json index 46e6f7a45ae..7420279ab33 100644 --- a/2006/6xxx/CVE-2006-6772.json +++ b/2006/6xxx/CVE-2006-6772.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061225 w3m format string bug", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439" - }, - { - "name" : "http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79", - "refsource" : "CONFIRM", - "url" : "http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79" - }, - { - "name" : "http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250", - "refsource" : "CONFIRM", - "url" : "http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250" - }, - { - "name" : "http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log", - "refsource" : "CONFIRM", - "url" : "http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log" - }, - { - "name" : "FEDORA-2007-077", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2415" - }, - { - "name" : "FEDORA-2007-078", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2416" - }, - { - "name" : "GLSA-200701-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-06.xml" - }, - { - "name" : "OpenPKG-SA-2006.44", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html" - }, - { - "name" : "SUSE-SA:2007:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_05_w3m.html" - }, - { - "name" : "USN-399-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-399-1" - }, - { - "name" : "21735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21735" - }, - { - "name" : "24332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24332" - }, - { - "name" : "ADV-2006-5164", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5164" - }, - { - "name" : "1017440", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017440" - }, - { - "name" : "23492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23492" - }, - { - "name" : "23588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23588" - }, - { - "name" : "23717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23717" - }, - { - "name" : "23773", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23773" - }, - { - "name" : "23792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23792" - }, - { - "name" : "w3m-certificate-format-string(31114)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31114" - }, - { - "name" : "w3m-inputanswer-format-string(34821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log", + "refsource": "CONFIRM", + "url": "http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log" + }, + { + "name": "FEDORA-2007-077", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2415" + }, + { + "name": "20061225 w3m format string bug", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html" + }, + { + "name": "ADV-2006-5164", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5164" + }, + { + "name": "OpenPKG-SA-2006.44", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html" + }, + { + "name": "http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250", + "refsource": "CONFIRM", + "url": "http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250" + }, + { + "name": "w3m-certificate-format-string(31114)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31114" + }, + { + "name": "23717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23717" + }, + { + "name": "GLSA-200701-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-06.xml" + }, + { + "name": "23492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23492" + }, + { + "name": "23792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23792" + }, + { + "name": "http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79", + "refsource": "CONFIRM", + "url": "http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79" + }, + { + "name": "1017440", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017440" + }, + { + "name": "w3m-inputanswer-format-string(34821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34821" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439" + }, + { + "name": "SUSE-SA:2007:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_05_w3m.html" + }, + { + "name": "21735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21735" + }, + { + "name": "24332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24332" + }, + { + "name": "USN-399-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-399-1" + }, + { + "name": "23773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23773" + }, + { + "name": "23588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23588" + }, + { + "name": "FEDORA-2007-078", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2416" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7039.json b/2006/7xxx/CVE-2006-7039.json index 14cf491d62f..690904af19c 100644 --- a/2006/7xxx/CVE-2006-7039.json +++ b/2006/7xxx/CVE-2006-7039.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.atrium-software.com/download/McrReadMe_EN.html", - "refsource" : "CONFIRM", - "url" : "http://www.atrium-software.com/download/McrReadMe_EN.html" - }, - { - "name" : "18462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18462" - }, - { - "name" : "ADV-2006-2354", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2354" - }, - { - "name" : "20432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20432" - }, - { - "name" : "mercur-subject-dos(27229)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18462" + }, + { + "name": "mercur-subject-dos(27229)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27229" + }, + { + "name": "ADV-2006-2354", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2354" + }, + { + "name": "20432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20432" + }, + { + "name": "http://www.atrium-software.com/download/McrReadMe_EN.html", + "refsource": "CONFIRM", + "url": "http://www.atrium-software.com/download/McrReadMe_EN.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0232.json b/2011/0xxx/CVE-2011-0232.json index 04f28e5089c..878c6f1529a 100644 --- a/2011/0xxx/CVE-2011-0232.json +++ b/2011/0xxx/CVE-2011-0232.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0380.json b/2011/0xxx/CVE-2011-0380.json index c7c6b068fb3..716071d160a 100644 --- a/2011/0xxx/CVE-2011-0380.json +++ b/2011/0xxx/CVE-2011-0380.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Manager", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14f.shtml" - }, - { - "name" : "46526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46526" - }, - { - "name" : "1025111", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025111" - }, - { - "name" : "telepresence-soap-security-bypass(65618)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "telepresence-soap-security-bypass(65618)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65618" + }, + { + "name": "46526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46526" + }, + { + "name": "1025111", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025111" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Manager", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0631.json b/2011/0xxx/CVE-2011-0631.json index bf34e3eb36f..ebc42b1f45b 100644 --- a/2011/0xxx/CVE-2011-0631.json +++ b/2011/0xxx/CVE-2011-0631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0665.json b/2011/0xxx/CVE-2011-0665.json index e5a84e3304a..39910b638ac 100644 --- a/2011/0xxx/CVE-2011-0665.json +++ b/2011/0xxx/CVE-2011-0665.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47202" - }, - { - "name" : "71741", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71741" - }, - { - "name" : "oval:org.mitre.oval:def:12526", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12526" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var2-priv-escalation(66396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "mswin-win32k-var2-priv-escalation(66396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66396" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "71741", + "refsource": "OSVDB", + "url": "http://osvdb.org/71741" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "oval:org.mitre.oval:def:12526", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12526" + }, + { + "name": "47202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47202" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0881.json b/2011/0xxx/CVE-2011-0881.json index 2f42d42c8be..6c42cb15eb0 100644 --- a/2011/0xxx/CVE-2011-0881.json +++ b/2011/0xxx/CVE-2011-0881.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0899.json b/2011/0xxx/CVE-2011-0899.json index a1239f83329..212ff70bf74 100644 --- a/2011/0xxx/CVE-2011-0899.json +++ b/2011/0xxx/CVE-2011-0899.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/1040728", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1040728" - }, - { - "name" : "http://drupal.org/node/1048998", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1048998" - }, - { - "name" : "46116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46116" - }, - { - "name" : "70767", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70767" - }, - { - "name" : "43185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43185" - }, - { - "name" : "aes-module-information-disclosure(65112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aes-module-information-disclosure(65112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65112" + }, + { + "name": "70767", + "refsource": "OSVDB", + "url": "http://osvdb.org/70767" + }, + { + "name": "43185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43185" + }, + { + "name": "http://drupal.org/node/1040728", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1040728" + }, + { + "name": "46116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46116" + }, + { + "name": "http://drupal.org/node/1048998", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1048998" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0903.json b/2011/0xxx/CVE-2011-0903.json index b9c48137a30..f69f30d591f 100644 --- a/2011/0xxx/CVE-2011-0903.json +++ b/2011/0xxx/CVE-2011-0903.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16049", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16049" - }, - { - "name" : "46017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46017" - }, - { - "name" : "awcm-theme-file-include(64980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46017" + }, + { + "name": "awcm-theme-file-include(64980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64980" + }, + { + "name": "16049", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16049" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1877.json b/2011/1xxx/CVE-2011-1877.json index 158ad3df824..8cfd7763766 100644 --- a/2011/1xxx/CVE-2011-1877.json +++ b/2011/1xxx/CVE-2011-1877.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100144947", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144947" - }, - { - "name" : "MS11-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "48591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48591" - }, - { - "name" : "73779", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73779" - }, - { - "name" : "oval:org.mitre.oval:def:12847", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12847" - }, - { - "name" : "1025761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025761" - }, - { - "name" : "45186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" + }, + { + "name": "73779", + "refsource": "OSVDB", + "url": "http://osvdb.org/73779" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144947", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144947" + }, + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": "45186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45186" + }, + { + "name": "oval:org.mitre.oval:def:12847", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12847" + }, + { + "name": "1025761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025761" + }, + { + "name": "48591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48591" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2526.json b/2011/2xxx/CVE-2011-2526.json index 4c00edb7710..f3e75ea85a2 100644 --- a/2011/2xxx/CVE-2011-2526.json +++ b/2011/2xxx/CVE-2011-2526.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110713 [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518889/100/0/threaded" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1145383", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1145383" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1145571", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1145571" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1145694", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1145694" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1146005", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1146005" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=720948", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=720948" - }, - { - "name" : "DSA-2401", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2401" - }, - { - "name" : "HPSBUX02725", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132215163318824&w=2" - }, - { - "name" : "SSRT100627", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132215163318824&w=2" - }, - { - "name" : "HPSBUX02860", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "SSRT101146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "HPSBOV02762", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "SSRT100825", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "MDVSA-2011:156", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156" - }, - { - "name" : "RHSA-2012:0074", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0074.html" - }, - { - "name" : "RHSA-2012:0075", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0075.html" - }, - { - "name" : "RHSA-2012:0076", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0076.html" - }, - { - "name" : "RHSA-2012:0077", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0077.html" - }, - { - "name" : "RHSA-2012:0078", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0078.html" - }, - { - "name" : "RHSA-2012:0325", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0325.html" - }, - { - "name" : "48667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48667" - }, - { - "name" : "73797", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73797" - }, - { - "name" : "73798", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73798" - }, - { - "name" : "oval:org.mitre.oval:def:14573", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573" - }, - { - "name" : "oval:org.mitre.oval:def:19514", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514" - }, - { - "name" : "1025788", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025788" - }, - { - "name" : "45232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45232" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "tomcat-sendfile-info-disclosure(68541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45232" + }, + { + "name": "oval:org.mitre.oval:def:19514", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1145383", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1145383" + }, + { + "name": "MDVSA-2011:156", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156" + }, + { + "name": "DSA-2401", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2401" + }, + { + "name": "RHSA-2012:0325", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "HPSBUX02860", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "RHSA-2012:0078", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html" + }, + { + "name": "RHSA-2012:0075", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" + }, + { + "name": "RHSA-2012:0074", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "HPSBOV02762", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1146005", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1146005" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1145571", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1145571" + }, + { + "name": "SSRT100627", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=720948", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720948" + }, + { + "name": "SSRT100825", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "20110713 [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518889/100/0/threaded" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "73797", + "refsource": "OSVDB", + "url": "http://osvdb.org/73797" + }, + { + "name": "HPSBUX02725", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" + }, + { + "name": "tomcat-sendfile-info-disclosure(68541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68541" + }, + { + "name": "SSRT101146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "oval:org.mitre.oval:def:14573", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1145694", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1145694" + }, + { + "name": "73798", + "refsource": "OSVDB", + "url": "http://osvdb.org/73798" + }, + { + "name": "RHSA-2012:0076", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" + }, + { + "name": "1025788", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025788" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": "RHSA-2012:0077", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html" + }, + { + "name": "48667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48667" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3161.json b/2011/3xxx/CVE-2011-3161.json index 5808a098fb7..af71ed5b0f7 100644 --- a/2011/3xxx/CVE-2011-3161.json +++ b/2011/3xxx/CVE-2011-3161.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-3161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03058866", - "refsource" : "CONFIRM", - "url" : "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03058866" - }, - { - "name" : "1026195", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03058866", + "refsource": "CONFIRM", + "url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03058866" + }, + { + "name": "1026195", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026195" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3382.json b/2011/3xxx/CVE-2011-3382.json index da61f4f128c..43089b94d5a 100644 --- a/2011/3xxx/CVE-2011-3382.json +++ b/2011/3xxx/CVE-2011-3382.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-3382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phorum.org/phorum5/read.php?64,147504", - "refsource" : "MISC", - "url" : "http://www.phorum.org/phorum5/read.php?64,147504" - }, - { - "name" : "JVN#71435255", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN71435255/index.html" - }, - { - "name" : "JVNDB-2011-000068", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#71435255", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN71435255/index.html" + }, + { + "name": "http://www.phorum.org/phorum5/read.php?64,147504", + "refsource": "MISC", + "url": "http://www.phorum.org/phorum5/read.php?64,147504" + }, + { + "name": "JVNDB-2011-000068", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3386.json b/2011/3xxx/CVE-2011-3386.json index ae63e157d92..12a0f6bed63 100644 --- a/2011/3xxx/CVE-2011-3386.json +++ b/2011/3xxx/CVE-2011-3386.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren't intentionally programmed and could intervene accordingly.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html", - "refsource" : "MISC", - "url" : "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html" - }, - { - "name" : "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html", - "refsource" : "MISC", - "url" : "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html" - }, - { - "name" : "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces", - "refsource" : "MISC", - "url" : "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces" - }, - { - "name" : "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx", - "refsource" : "MISC", - "url" : "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx" - }, - { - "name" : "http://www.informationweek.com/news/security/vulnerabilities/231600265", - "refsource" : "MISC", - "url" : "http://www.informationweek.com/news/security/vulnerabilities/231600265" - }, - { - "name" : "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR", - "refsource" : "MISC", - "url" : "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR" - }, - { - "name" : "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/", - "refsource" : "MISC", - "url" : "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/" - }, - { - "name" : "paradigm-insulin-pump-dos(69643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren't intentionally programmed and could intervene accordingly.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx", + "refsource": "MISC", + "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx" + }, + { + "name": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/", + "refsource": "MISC", + "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/" + }, + { + "name": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR", + "refsource": "MISC", + "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR" + }, + { + "name": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html", + "refsource": "MISC", + "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html" + }, + { + "name": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces", + "refsource": "MISC", + "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces" + }, + { + "name": "paradigm-insulin-pump-dos(69643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643" + }, + { + "name": "http://www.informationweek.com/news/security/vulnerabilities/231600265", + "refsource": "MISC", + "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265" + }, + { + "name": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html", + "refsource": "MISC", + "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4022.json b/2011/4xxx/CVE-2011-4022.json index a2fe858e8c3..e942b97c65e 100644 --- a/2011/4xxx/CVE-2011-4022.json +++ b/2011/4xxx/CVE-2011-4022.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-4022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4360.json b/2011/4xxx/CVE-2011-4360.json index 2fc90413f4c..9185ae1d5c9 100644 --- a/2011/4xxx/CVE-2011-4360.json +++ b/2011/4xxx/CVE-2011-4360.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20111128 MediaWiki security release 1.17.1", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html" - }, - { - "name" : "[oss-security] 20111129 CVE request: mediawiki before 1.17.1", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/29/6" - }, - { - "name" : "[oss-security] 20111129 Re: CVE request: mediawiki before 1.17.1", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/29/12" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=758171", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=758171" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=32276", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=32276" - }, - { - "name" : "DSA-2366", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[mediawiki-announce] 20111128 MediaWiki security release 1.17.1", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=758171", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171" + }, + { + "name": "[oss-security] 20111129 CVE request: mediawiki before 1.17.1", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/29/6" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32276", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32276" + }, + { + "name": "[oss-security] 20111129 Re: CVE request: mediawiki before 1.17.1", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/29/12" + }, + { + "name": "DSA-2366", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2366" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4519.json b/2011/4xxx/CVE-2011-4519.json index 53f35860713..50df0bd7c7d 100644 --- a/2011/4xxx/CVE-2011-4519.json +++ b/2011/4xxx/CVE-2011-4519.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02" - }, - { - "name" : "http://www.promotic.eu/en/pmdoc/News.htm#ver80105", - "refsource" : "CONFIRM", - "url" : "http://www.promotic.eu/en/pmdoc/News.htm#ver80105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105", + "refsource": "CONFIRM", + "url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4616.json b/2011/4xxx/CVE-2011-4616.json index 2c179bc01dd..7b416ec3804 100644 --- a/2011/4xxx/CVE-2011-4616.json +++ b/2011/4xxx/CVE-2011-4616.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111218 CVE for HTML-Template-Pro 0.9506 XSS", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/12/19/1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587" - }, - { - "name" : "http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes" - }, - { - "name" : "http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507", - "refsource" : "CONFIRM", - "url" : "http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507" - }, - { - "name" : "FEDORA-2012-15439", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html" - }, - { - "name" : "FEDORA-2012-15482", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html" - }, - { - "name" : "FEDORA-2012-15490", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html" - }, - { - "name" : "51117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51117" - }, - { - "name" : "47184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes" + }, + { + "name": "51117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51117" + }, + { + "name": "FEDORA-2012-15482", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html" + }, + { + "name": "FEDORA-2012-15490", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html" + }, + { + "name": "FEDORA-2012-15439", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html" + }, + { + "name": "[oss-security] 20111218 CVE for HTML-Template-Pro 0.9506 XSS", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/12/19/1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587" + }, + { + "name": "47184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47184" + }, + { + "name": "http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507", + "refsource": "CONFIRM", + "url": "http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5123.json b/2013/5xxx/CVE-2013-5123.json index add54bc059a..ca076acb543 100644 --- a/2013/5xxx/CVE-2013-5123.json +++ b/2013/5xxx/CVE-2013-5123.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5391.json b/2013/5xxx/CVE-2013-5391.json index 2f9904060e4..77f130cfff2 100644 --- a/2013/5xxx/CVE-2013-5391.json +++ b/2013/5xxx/CVE-2013-5391.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665731", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665731" - }, - { - "name" : "ibm-traveler-cve20135391-weak-security(87128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-traveler-cve20135391-weak-security(87128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87128" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665731", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665731" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5751.json b/2013/5xxx/CVE-2013-5751.json index b34157abaf7..906f2bfca2e 100644 --- a/2013/5xxx/CVE-2013-5751.json +++ b/2013/5xxx/CVE-2013-5751.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.securitylab.ru/lab/PT-2012-24", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2012-24" - }, - { - "name" : "https://websmp230.sap-ag.de/sap/support/notes/1779578", - "refsource" : "MISC", - "url" : "https://websmp230.sap-ag.de/sap/support/notes/1779578" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "62391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62391" - }, - { - "name" : "97350", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97350" - }, - { - "name" : "54809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54809" - }, - { - "name" : "sap-netweaver-unspecified-dir-traversal(87121)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54809" + }, + { + "name": "97350", + "refsource": "OSVDB", + "url": "http://osvdb.org/97350" + }, + { + "name": "http://en.securitylab.ru/lab/PT-2012-24", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2012-24" + }, + { + "name": "https://websmp230.sap-ag.de/sap/support/notes/1779578", + "refsource": "MISC", + "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "62391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62391" + }, + { + "name": "sap-netweaver-unspecified-dir-traversal(87121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5753.json b/2013/5xxx/CVE-2013-5753.json index 730ec7836a0..d06024249ae 100644 --- a/2013/5xxx/CVE-2013-5753.json +++ b/2013/5xxx/CVE-2013-5753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5753", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5753", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5766.json b/2013/5xxx/CVE-2013-5766.json index e4577410baa..75cee24f2c0 100644 --- a/2013/5xxx/CVE-2013-5766.json +++ b/2013/5xxx/CVE-2013-5766.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to DB Performance Advisories/UIs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "55322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to DB Performance Advisories/UIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55322" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2139.json b/2014/2xxx/CVE-2014-2139.json index a6b77a92f17..86b79032742 100644 --- a/2014/2xxx/CVE-2014-2139.json +++ b/2014/2xxx/CVE-2014-2139.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681" - }, - { - "name" : "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681" + }, + { + "name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2167.json b/2014/2xxx/CVE-2014-2167.json index 3efa564869c..f1823a7bbe3 100644 --- a/2014/2xxx/CVE-2014-2167.json +++ b/2014/2xxx/CVE-2014-2167.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2243.json b/2014/2xxx/CVE-2014-2243.json index 258ce071bdf..db0d6c2dc97 100644 --- a/2014/2xxx/CVE-2014-2243.json +++ b/2014/2xxx/CVE-2014-2243.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html" - }, - { - "name" : "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/02/28/1" - }, - { - "name" : "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/03/01/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1071136" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346" - }, - { - "name" : "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z", - "refsource" : "CONFIRM", - "url" : "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/02/28/1" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346" + }, + { + "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071136" + }, + { + "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/03/01/2" + }, + { + "name": "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z", + "refsource": "CONFIRM", + "url": "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2273.json b/2014/2xxx/CVE-2014-2273.json index f8539720acd..599ab0eb09c 100644 --- a/2014/2xxx/CVE-2014-2273.json +++ b/2014/2xxx/CVE-2014-2273.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://labs.mwrinfosecurity.com/system/assets/762/original/mwri_advisory_huawei_driver-root-exploit.pdf", - "refsource" : "MISC", - "url" : "https://labs.mwrinfosecurity.com/system/assets/762/original/mwri_advisory_huawei_driver-root-exploit.pdf" - }, - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm" - }, - { - "name" : "71374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71374" - }, - { - "name" : "huawei-cve20142273-priv-esc(99088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm" + }, + { + "name": "71374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71374" + }, + { + "name": "huawei-cve20142273-priv-esc(99088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99088" + }, + { + "name": "https://labs.mwrinfosecurity.com/system/assets/762/original/mwri_advisory_huawei_driver-root-exploit.pdf", + "refsource": "MISC", + "url": "https://labs.mwrinfosecurity.com/system/assets/762/original/mwri_advisory_huawei_driver-root-exploit.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6244.json b/2014/6xxx/CVE-2014-6244.json index 07c46345fa0..26e050cc413 100644 --- a/2014/6xxx/CVE-2014-6244.json +++ b/2014/6xxx/CVE-2014-6244.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6279.json b/2014/6xxx/CVE-2014-6279.json index 0a0cf7863e2..60c0e7901d2 100644 --- a/2014/6xxx/CVE-2014-6279.json +++ b/2014/6xxx/CVE-2014-6279.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6279", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6279", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6289.json b/2014/6xxx/CVE-2014-6289.json index a9bb580e2c4..8bc7f92e49e 100644 --- a/2014/6xxx/CVE-2014-6289.json +++ b/2014/6xxx/CVE-2014-6289.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/pt_extbase", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/pt_extbase" - }, - { - "name" : "http://typo3.org/extensions/repository/view/yag", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/yag" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/yag", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/yag" + }, + { + "name": "http://typo3.org/extensions/repository/view/pt_extbase", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/pt_extbase" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6759.json b/2014/6xxx/CVE-2014-6759.json index 7067f217d5f..d3777edbdba 100644 --- a/2014/6xxx/CVE-2014-6759.json +++ b/2014/6xxx/CVE-2014-6759.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#895865", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/895865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#895865", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/895865" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7315.json b/2014/7xxx/CVE-2014-7315.json index a9247246c92..9233d579a7b 100644 --- a/2014/7xxx/CVE-2014-7315.json +++ b/2014/7xxx/CVE-2014-7315.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#247217", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/247217" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#247217", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/247217" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7637.json b/2014/7xxx/CVE-2014-7637.json index 0559a00fbc3..ffe62def814 100644 --- a/2014/7xxx/CVE-2014-7637.json +++ b/2014/7xxx/CVE-2014-7637.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7637", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7637", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0269.json b/2017/0xxx/CVE-2017-0269.json index 03fbf93d4d5..745fd5bb7e4 100644 --- a/2017/0xxx/CVE-2017-0269.json +++ b/2017/0xxx/CVE-2017-0269.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Block Message 1.0", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Block Message 1.0", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0269", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0269" - }, - { - "name" : "98263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98263" - }, - { - "name" : "1038433", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0269", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0269" + }, + { + "name": "98263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98263" + }, + { + "name": "1038433", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038433" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0289.json b/2017/0xxx/CVE-2017-0289.json index b79846011a5..e9641ae81d2 100644 --- a/2017/0xxx/CVE-2017-0289.json +++ b/2017/0xxx/CVE-2017-0289.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Uniscrbe", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Windows Graphics Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Uniscrbe", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42240", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42240/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0289", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0289" - }, - { - "name" : "98929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98929" - }, - { - "name" : "1038662", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Windows Graphics Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0289", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0289" + }, + { + "name": "42240", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42240/" + }, + { + "name": "1038662", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038662" + }, + { + "name": "98929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98929" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0448.json b/2017/0xxx/CVE-2017-0448.json index 55b7327fbbb..00fd39a11c8 100644 --- a/2017/0xxx/CVE-2017-0448.json +++ b/2017/0xxx/CVE-2017-0448.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96105" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96105" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0656.json b/2017/0xxx/CVE-2017-0656.json index 6176a66c06b..dc7d2dbb7ff 100644 --- a/2017/0xxx/CVE-2017-0656.json +++ b/2017/0xxx/CVE-2017-0656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0656", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0656", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18325.json b/2017/18xxx/CVE-2017-18325.json index c8bc37e611a..93b94013145 100644 --- a/2017/18xxx/CVE-2017-18325.json +++ b/2017/18xxx/CVE-2017-18325.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18325", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18325", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1064.json b/2017/1xxx/CVE-2017-1064.json index cfcc07e03d6..5cea1071501 100644 --- a/2017/1xxx/CVE-2017-1064.json +++ b/2017/1xxx/CVE-2017-1064.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1064", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1064", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1178.json b/2017/1xxx/CVE-2017-1178.json index 500e2b67829..da568985456 100644 --- a/2017/1xxx/CVE-2017-1178.json +++ b/2017/1xxx/CVE-2017-1178.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Endpoint Manager for Security and Compliance", - "version" : { - "version_data" : [ - { - "version_value" : "1.9.70" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Endpoint Manager for Security and Compliance", + "version": { + "version_data": [ + { + "version_value": "1.9.70" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123430", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123430" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004164", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004164" - }, - { - "name" : "98909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004164", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004164" + }, + { + "name": "98909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98909" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123430", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123430" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1222.json b/2017/1xxx/CVE-2017-1222.json index bec1048a40b..9ceaf66d80e 100644 --- a/2017/1xxx/CVE-2017-1222.json +++ b/2017/1xxx/CVE-2017-1222.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123862", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123862" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009673", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009673" - }, - { - "name" : "101571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101571" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009673", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009673" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123862", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123862" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1669.json b/2017/1xxx/CVE-2017-1669.json index 27dc9e99122..deace6fd560 100644 --- a/2017/1xxx/CVE-2017-1669.json +++ b/2017/1xxx/CVE-2017-1669.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2017-1669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.5" - }, - { - "version_value" : "2.6" - }, - { - "version_value" : "2.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2017-1669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.5" + }, + { + "version_value": "2.6" + }, + { + "version_value": "2.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133636", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133636" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997955", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997955" - }, - { - "name" : "102468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997955", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997955" + }, + { + "name": "102468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102468" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133636", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133636" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1685.json b/2017/1xxx/CVE-2017-1685.json index 7096a91a43c..80b8e61a229 100644 --- a/2017/1xxx/CVE-2017-1685.json +++ b/2017/1xxx/CVE-2017-1685.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1685", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1685", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4345.json b/2017/4xxx/CVE-2017-4345.json index d1396a99864..41e4401fa00 100644 --- a/2017/4xxx/CVE-2017-4345.json +++ b/2017/4xxx/CVE-2017-4345.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4345", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4345", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5639.json b/2017/5xxx/CVE-2017-5639.json index f2d393c7408..93cc272bdd7 100644 --- a/2017/5xxx/CVE-2017-5639.json +++ b/2017/5xxx/CVE-2017-5639.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5639", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5639", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file