diff --git a/2006/0xxx/CVE-2006-0192.json b/2006/0xxx/CVE-2006-0192.json
index 582be8f6871..5018565e957 100644
--- a/2006/0xxx/CVE-2006-0192.json
+++ b/2006/0xxx/CVE-2006-0192.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060204 sql injection in ASP Survey", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423949/100/0/threaded" - }, - { - "name" : "16496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16496" - }, - { - "name" : "ADV-2006-0164", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0164" - }, - { - "name" : "22342", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22342" - }, - { - "name" : "18422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18422" - }, - { - "name" : "414", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/414" - }, - { - "name" : "aspsurvey-loginvalidate-sql-injection(24087)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060204 sql injection in ASP Survey", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423949/100/0/threaded" + }, + { + "name": "ADV-2006-0164", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0164" + }, + { + "name": "414", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/414" + }, + { + "name": "aspsurvey-loginvalidate-sql-injection(24087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24087" + }, + { + "name": "18422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18422" + }, + { + "name": "16496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16496" + }, + { + "name": "22342", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22342" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0402.json b/2006/0xxx/CVE-2006-0402.json index eda55c3f5b5..253be709ee4 100644 --- a/2006/0xxx/CVE-2006-0402.json +++ b/2006/0xxx/CVE-2006-0402.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320" - }, - { - "name" : "DSA-989", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-989" - }, - { - "name" : "16347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16347" - }, - { - "name" : "ADV-2006-0297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0297" - }, - { - "name" : "22743", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22743" - }, - { - "name" : "18563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18563" - }, - { - "name" : "19153", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/19153" - }, - { - "name" : "zoph-sql-injection(24264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22743", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22743" + }, + { + "name": "18563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18563" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320" + }, + { + "name": "19153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19153" + }, + { + "name": "16347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16347" + }, + { + "name": "ADV-2006-0297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0297" + }, + { + "name": "zoph-sql-injection(24264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24264" + }, + { + "name": "DSA-989", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-989" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0562.json b/2006/0xxx/CVE-2006-0562.json index 747fd676060..b7a63629243 100644 --- a/2006/0xxx/CVE-2006-0562.json +++ b/2006/0xxx/CVE-2006-0562.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060204 PluggedOut Blog SQL injection and XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423948/100/0/threaded" - }, - { - "name" : "20060206 VERIFY Pluggedout Blog 1.9.9c problem.php XSS", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-February/000530.html" - }, - { - "name" : "http://hamid.ir/security/pluggedoutblog.txt", - "refsource" : "MISC", - "url" : "http://hamid.ir/security/pluggedoutblog.txt" - }, - { - "name" : "ADV-2006-0440", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0440" - }, - { - "name" : "22927", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22927" - }, - { - "name" : "1015586", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1015586" - }, - { - "name" : "18726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18726" - }, - { - "name" : "pluggedoutblog-problem-xss(24482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hamid.ir/security/pluggedoutblog.txt", + "refsource": "MISC", + "url": "http://hamid.ir/security/pluggedoutblog.txt" + }, + { + "name": "20060206 VERIFY Pluggedout Blog 1.9.9c problem.php XSS", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-February/000530.html" + }, + { + "name": "ADV-2006-0440", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0440" + }, + { + "name": "18726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18726" + }, + { + "name": "pluggedoutblog-problem-xss(24482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24482" + }, + { + "name": "1015586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015586" + }, + { + "name": "20060204 PluggedOut Blog SQL injection and XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423948/100/0/threaded" + }, + { + "name": "22927", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22927" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/0xxx/CVE-2006-0705.json b/2006/0xxx/CVE-2006-0705.json
index 7aec6c45b2c..85b5bda821f 100644
--- a/2006/0xxx/CVE-2006-0705.json
+++ b/2006/0xxx/CVE-2006-0705.json
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.wrq.com/techdocs/1882.html", - "refsource" : "CONFIRM", - "url" : "http://support.wrq.com/techdocs/1882.html" - }, - { - "name" : "GLSA-200703-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200703-13.xml" - }, - { - "name" : "HPSBTU02322", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120654385125315&w=2" - }, - { - "name" : "SSRT080011", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120654385125315&w=2" - }, - { - "name" : "VU#419241", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/419241" - }, - { - "name" : "16625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16625" - }, - { - "name" : "16640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16640" - }, - { - "name" : "ADV-2006-0554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0554" - }, - { - "name" : "ADV-2006-0555", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0555" - }, - { - "name" : "ADV-2008-1008", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1008/references" - }, - { - "name" : "1015619", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015619" - }, - { - "name" : "18828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18828" - }, - { - "name" : "18843", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18843" - }, - { - "name" : "24516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24516" - }, - { - "name" : "29552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29552" - }, - { - "name" : "sftp-logging-format-string(24651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015619", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015619" + }, + { + "name": "http://support.wrq.com/techdocs/1882.html", + "refsource": "CONFIRM", + "url": "http://support.wrq.com/techdocs/1882.html" + }, + { + "name": "24516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24516" + }, + { + "name": "29552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29552" + }, + { + "name": "sftp-logging-format-string(24651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651" + }, + { + "name": "VU#419241", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/419241" + }, + { + "name": "HPSBTU02322", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2" + }, + { + "name": "18828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18828" + }, + { + "name": "GLSA-200703-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200703-13.xml" + }, + { + "name": "ADV-2006-0555", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0555" + }, + { + "name": "ADV-2006-0554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0554" + }, + { + "name": "16625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16625" + }, + { + "name": "ADV-2008-1008", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1008/references" + }, + { + "name": "16640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16640" + }, + { + "name": "SSRT080011", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2" + }, + { + "name": "18843", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/18843" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0849.json b/2006/0xxx/CVE-2006-0849.json index 6b365d40014..3bddba1bbb9 100644 --- a/2006/0xxx/CVE-2006-0849.json +++ b/2006/0xxx/CVE-2006-0849.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0849", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0849", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3407.json b/2006/3xxx/CVE-2006-3407.json index 62b992d71bb..193a74ba549 100644 --- a/2006/3xxx/CVE-2006-3407.json +++ b/2006/3xxx/CVE-2006-3407.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tor.eff.org/cvs/tor/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://tor.eff.org/cvs/tor/ChangeLog" - }, - { - "name" : "GLSA-200606-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml" - }, - { - "name" : "19795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19795" - }, - { - "name" : "20277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20277" - }, - { - "name" : "20514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20514" - }, - { - "name" : "tor-log-spoofing(26793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19795" + }, + { + "name": "20277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20277" + }, + { + "name": "20514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20514" + }, + { + "name": "GLSA-200606-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200606-04.xml" + }, + { + "name": "http://tor.eff.org/cvs/tor/ChangeLog", + "refsource": "CONFIRM", + "url": "http://tor.eff.org/cvs/tor/ChangeLog" + }, + { + "name": "tor-log-spoofing(26793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26793" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3517.json b/2006/3xxx/CVE-2006-3517.json index f8b9227aa37..d4579685568 100644 --- a/2006/3xxx/CVE-2006-3517.json +++ b/2006/3xxx/CVE-2006-3517.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060708 RW::Download stats.php Remote File Inc.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439524/100/0/threaded" - }, - { - "name" : "18901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18901" - }, - { - "name" : "1207", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path 
parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1207", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1207" + }, + { + "name": "18901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18901" + }, + { + "name": "20060708 RW::Download stats.php Remote File Inc.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439524/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3648.json b/2006/3xxx/CVE-2006-3648.json index 6bafd6763c0..f4be8a5d518 100644 --- a/2006/3xxx/CVE-2006-3648.json +++ b/2006/3xxx/CVE-2006-3648.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly \"unloading chained exception.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-051" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#411516", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/411516" - }, - { - "name" : "19384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19384" - }, - { - "name" : "ADV-2006-3216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3216" - }, - { - "name" : "oval:org.mitre.oval:def:841", 
- "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A841" - }, - { - "name" : "1016661", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly \"unloading chained exception.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS06-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-051" + }, + { + "name": "oval:org.mitre.oval:def:841", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A841" + }, + { + "name": "ADV-2006-3216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3216" + }, + { + "name": "VU#411516", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/411516" + }, + { + "name": "19384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19384" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "1016661", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016661" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4209.json b/2006/4xxx/CVE-2006-4209.json index d47962bedf9..cf0269fdbcb 100644 --- a/2006/4xxx/CVE-2006-4209.json +++ b/2006/4xxx/CVE-2006-4209.json 
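Review bot: The `ASSIGNER` value in CVE-2006-3648.json changes from `cve@mitre.org` to `secure@microsoft.com`, and it is the only field-value change in a hunk that otherwise rewrites whitespace and reorders `reference_data`. A consumer that tracks record provenance would want that edit visible on its own, so I would put `"ASSIGNER": "secure@microsoft.com"` in a separate commit or name it in the commit message. The references (MS06-051 among them) are consistent with a Microsoft-assigned record, but nothing in this hunk shows where the reassignment comes from. The rewritten file also ends without a trailing newline (`\ No newline at end of file`), as do the other files rewritten in this diff.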
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442983/100/0/threaded" - }, - { - "name" : "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm", - "refsource" : "MISC", - "url" : "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm" - }, - { - "name" : "2171", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2171" - }, - { - "name" : "19477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19477" - }, - { - "name" : "1404", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1404" - }, - { - "name" : "webinsta-install-file-include(28340)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19477" + }, + { + "name": "1404", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1404" + }, + { + "name": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm", + "refsource": "MISC", + "url": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm" + }, + { + "name": "webinsta-install-file-include(28340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340" + }, + { + "name": "2171", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2171" + }, + { + "name": "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442983/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4466.json b/2006/4xxx/CVE-2006-4466.json index 3e3dc010f05..753280f4e04 100644 --- a/2006/4xxx/CVE-2006-4466.json +++ b/2006/4xxx/CVE-2006-4466.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1841/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1841/78/" - }, - { - "name" : "ADV-2006-3408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 
before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3408" + }, + { + "name": "http://www.joomla.org/content/view/1841/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1841/78/" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4843.json b/2006/4xxx/CVE-2006-4843.json index d17a4f13a78..f4a61139e1d 100644 --- a/2006/4xxx/CVE-2006-4843.json +++ b/2006/4xxx/CVE-2006-4843.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified \"code sequences\" that bypass the protection scheme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070328 IBM Lotus Domino Web Access Cross Site Scripting Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21257026", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21257026" - }, - { - "name" : "23173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23173" - }, - { - "name" : "ADV-2007-1133", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1133" - }, - { - "name" : "1017824", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1017824" - }, - { - "name" : "24633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24633" - }, - { - "name" : "domino-webaccess-contentfilter-xss(33280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified \"code sequences\" that bypass the protection scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "domino-webaccess-contentfilter-xss(33280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280" + }, + { + "name": "20070328 IBM Lotus Domino Web Access Cross Site Scripting Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493" + }, + { + "name": "1017824", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017824" + }, + { + "name": "23173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23173" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026" + }, + { + "name": "24633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24633" + }, + { + "name": "ADV-2007-1133", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1133" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/4xxx/CVE-2006-4977.json b/2006/4xxx/CVE-2006-4977.json
index 757c24e1f6d..965f4582daa 100644
--- a/2006/4xxx/CVE-2006-4977.json
+++ b/2006/4xxx/CVE-2006-4977.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060916 PHPQuiz Multiple Remote Vulnerabilites", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446315/100/0/threaded" - }, - { - "name" : "2376", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2376" - }, - { - "name" : "http://www.morx.org/phpquiz.txt", - "refsource" : "MISC", - "url" : "http://www.morx.org/phpquiz.txt" - }, - { - "name" : "20065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20065" - }, - { - "name" : "ADV-2006-3693", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2006/3693" - }, - { - "name" : "22015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22015" - }, - { - "name" : "1627", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1627" - }, - { - "name" : "phpquiz-uploadimg-file-upload(28995)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2376", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2376" + }, + { + "name": "ADV-2006-3693", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3693" + }, + { + "name": "http://www.morx.org/phpquiz.txt", + "refsource": "MISC", + "url": "http://www.morx.org/phpquiz.txt" + }, + { + "name": "phpquiz-uploadimg-file-upload(28995)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28995" + }, + { + "name": "1627", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1627" + }, + { + "name": "22015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22015" + }, + { + "name": "20065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20065" + }, + { + "name": "20060916 PHPQuiz 
Multiple Remote Vulnerabilites", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446315/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7004.json b/2006/7xxx/CVE-2006-7004.json index 30721cb3cef..c4fadb7c684 100644 --- a/2006/7xxx/CVE-2006-7004.json +++ b/2006/7xxx/CVE-2006-7004.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt" - }, - { - "name" : "17974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17974" - }, - { - "name" : "36360", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in email_request.php 
in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36360", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36360" + }, + { + "name": "17974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17974" + }, + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2092.json b/2010/2xxx/CVE-2010-2092.json index f031b5c10c1..1d0ba825cb6 100644 --- a/2010/2xxx/CVE-2010-2092.json +++ b/2010/2xxx/CVE-2010-2092.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html" - }, - { - "name" : "http://www.cacti.net/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/changelog.php" - }, - { - "name" : "DSA-2060", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2060" - }, - { - "name" : "RHSA-2010:0635", - "refsource" : 
"REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html" - }, - { - "name" : "41041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41041" - }, - { - "name" : "ADV-2010-2132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cacti.net/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/changelog.php" + }, + { + "name": "DSA-2060", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2060" + }, + { + "name": "41041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41041" + }, + { + "name": "RHSA-2010:0635", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html" + }, + { + "name": "ADV-2010-2132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2132" + }, + { + "name": "http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/2xxx/CVE-2010-2237.json b/2010/2xxx/CVE-2010-2237.json
index 340d3d6fb05..44312280468 100644
--- a/2010/2xxx/CVE-2010-2237.json
+++ b/2010/2xxx/CVE-2010-2237.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libvirt.org/news.html", - "refsource" : "MISC", - "url" : "http://libvirt.org/news.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607810", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607810" - }, - { - "name" : "FEDORA-2010-10960", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" - }, - { - "name" : "FEDORA-2010-11021", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" 
: "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "USN-1008-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-1" - }, - { - "name" : "USN-1008-2", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-2" - }, - { - "name" : "USN-1008-3", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-3" - }, - { - "name" : "ADV-2010-2763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-10960", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" + }, + { + "name": "USN-1008-2", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-2" + }, + { + "name": "FEDORA-2010-11021", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" + }, + { + "name": "http://libvirt.org/news.html", + "refsource": "MISC", + "url": "http://libvirt.org/news.html" + }, + { + "name": "USN-1008-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-1" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "USN-1008-3", + "refsource": "UBUNTU", + "url": 
"http://ubuntu.com/usn/usn-1008-3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607810", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607810" + }, + { + "name": "ADV-2010-2763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2763" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2740.json b/2010/2xxx/CVE-2010-2740.json index 53d9bac6d3c..33a10aef781 100644 --- a/2010/2xxx/CVE-2010-2740.json +++ b/2010/2xxx/CVE-2010-2740.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka \"OpenType Font Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100113218", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100113218" - }, - { - "name" : "MS10-078", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-078" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7258", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7258" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka \"OpenType Font Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-078", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-078" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100113218", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100113218" + }, + { + "name": "oval:org.mitre.oval:def:7258", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7258" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2754.json b/2010/2xxx/CVE-2010-2754.json index afea932593b..6439687c9f3 100644 --- a/2010/2xxx/CVE-2010-2754.json +++ b/2010/2xxx/CVE-2010-2754.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=568564", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=568564" - }, - { - "name" : "oval:org.mitre.oval:def:11770", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html" + }, + { + "name": "oval:org.mitre.oval:def:11770", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11770" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=568564", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=568564" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3304.json b/2010/3xxx/CVE-2010-3304.json index fc0ed8bfb42..988ee69e3e3 100644 --- a/2010/3xxx/CVE-2010-3304.json +++ b/2010/3xxx/CVE-2010-3304.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dovecot-news] 20100724 v1.2.13 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot-news/2010-July/000163.html" - }, - { - "name" : "[oss-security] 20100916 CVE-identifier request for Dovecot ACL security bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/16/14" - }, - { - "name" : "[oss-security] 20100916 Re: CVE-identifier request for Dovecot ACL security bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/16/17" - }, - { - "name" : "MDVSA-2010:217", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" - }, - { - "name" : 
"SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "USN-1059-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1059-1" - }, - { - "name" : "41964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41964" - }, - { - "name" : "43220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43220" - }, - { - "name" : "ADV-2010-2840", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2840" - }, - { - "name" : "ADV-2011-0301", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dovecot-news] 20100724 v1.2.13 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot-news/2010-July/000163.html" + }, + { + "name": "[oss-security] 20100916 Re: CVE-identifier request for Dovecot ACL security bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/16/17" + }, + { + "name": "USN-1059-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1059-1" + }, + { + "name": "41964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41964" + }, + { + "name": "[oss-security] 20100916 CVE-identifier request for Dovecot ACL security bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/16/14" + }, + { + "name": "MDVSA-2010:217", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" + }, + { + "name": "43220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43220" + }, + { + "name": "ADV-2011-0301", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0301" + }, + { + "name": "ADV-2010-2840", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2840" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3487.json b/2010/3xxx/CVE-2010-3487.json index 22dface2ad8..64043de6df6 100644 --- a/2010/3xxx/CVE-2010-3487.json +++ b/2010/3xxx/CVE-2010-3487.json 
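Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which is a record-content change carried inside what otherwise reads as a spacing and ordering reformat. The same kind of change appears in the hunks for CVE-2010-3546 (`secalert_us@oracle.com`), CVE-2011-0254 (`product-security@apple.com`), CVE-2011-0946 (`psirt@cisco.com`) and CVE-2011-1024 (`secalert@redhat.com`), while the remaining records on this page keep `cve@mitre.org`. Consumers may use this field to attribute a record to its assigning authority, so I would put the reassignment in its own commit, or at least name it in the commit message, so that it can be audited separately from the formatting.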
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt" - }, - { - "name" : "http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42", - "refsource" : "MISC", - "url" : "http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42" - }, - { - "name" : "68141", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/68141" - }, - { - "name" : "41538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory 
traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68141", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/68141" + }, + { + "name": "41538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41538" + }, + { + "name": "http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42", + "refsource": "MISC", + "url": "http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3546.json b/2010/3xxx/CVE-2010-3546.json index 675f0cfcdd7..90069deaed6 100644 --- a/2010/3xxx/CVE-2010-3546.json +++ b/2010/3xxx/CVE-2010-3546.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0058.json b/2011/0xxx/CVE-2011-0058.json index f73fb9478c5..af142c8f653 100644 --- a/2011/0xxx/CVE-2011-0058.json +++ b/2011/0xxx/CVE-2011-0058.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=607160", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=607160" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100133195", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100133195" - }, - { - "name" : "MDVSA-2011:041", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041" - }, 
- { - "name" : "46660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46660" - }, - { - "name" : "oval:org.mitre.oval:def:14254", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.avaya.com/css/P8/documents/100133195", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100133195" + }, + { + "name": "46660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46660" + }, + { + "name": "oval:org.mitre.oval:def:14254", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=607160", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607160" + }, + { + "name": "MDVSA-2011:041", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0254.json b/2011/0xxx/CVE-2011-0254.json index 424d7f6a751..59db38d7ccb 100644 
--- a/2011/0xxx/CVE-2011-0254.json
+++ b/2011/0xxx/CVE-2011-0254.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0637.json b/2011/0xxx/CVE-2011-0637.json index c2c1bc5a073..d4186bcac70 100644 --- a/2011/0xxx/CVE-2011-0637.json +++ b/2011/0xxx/CVE-2011-0637.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IZ92478", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ92478" - }, - { - "name" : "45931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45931" - }, - { - "name" : "70519", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70519" - }, - { - "name" : "42962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42962" - }, - { - "name" : "ADV-2011-0176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0176" - }, - { - "name" : "ibm-aix-fcscsi-dos(64817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64817" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0176" + }, + { + "name": "70519", + "refsource": "OSVDB", + "url": "http://osvdb.org/70519" + }, + { + "name": "42962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42962" + }, + { + "name": "ibm-aix-fcscsi-dos(64817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64817" + }, + { + "name": "45931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45931" + }, + { + "name": "IZ92478", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ92478" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0946.json b/2011/0xxx/CVE-2011-0946.json index 6b152f318d5..3d4ec605e89 100644 --- a/2011/0xxx/CVE-2011-0946.json +++ b/2011/0xxx/CVE-2011-0946.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117" - }, - { - "name" : "20110928 Cisco IOS Software Network Address Translation Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and 
IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117" + }, + { + "name": "20110928 Cisco IOS Software Network Address Translation Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1024.json b/2011/1xxx/CVE-2011-1024.json index 0c259aa4848..74de373898b 100644 --- a/2011/1xxx/CVE-2011-1024.json +++ b/2011/1xxx/CVE-2011-1024.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openldap-announce] 20110212 OpenLDAP 2.4.24 available", - "refsource" : "MLIST", - "url" : "http://www.openldap.org/lists/openldap-announce/201102/msg00000.html" - }, - { - "name" : "[openldap-technical] 20100429 ppolicy master/slave issue", - "refsource" : "MLIST", - "url" : "http://www.openldap.org/lists/openldap-technical/201004/msg00247.html" - }, - { - "name" : "[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/24/12" - }, - { - "name" : "[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two 
issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/25/13" - }, - { - "name" : "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0" - }, - { - "name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=674985", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=674985" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680466", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680466" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "GLSA-201406-36", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml" - }, - { - "name" : "MDVSA-2011:055", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:055" - }, - { - "name" : "MDVSA-2011:056", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:056" - }, - { - "name" : "RHSA-2011:0346", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0346.html" - }, - { - "name" : "RHSA-2011:0347", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0347.html" - }, - { - "name" : 
"USN-1100-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1100-1" - }, - { - "name" : "1025188", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025188" - }, - { - "name" : "43331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43331" - }, - { - "name" : "43708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43708" - }, - { - "name" : "43718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43718" - }, - { - "name" : "ADV-2011-0665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-36", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml" + }, + { + "name": "RHSA-2011:0346", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0346.html" + }, + { + "name": "1025188", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025188" + }, + { + "name": "43708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43708" + }, + { + "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607" + }, + { + "name": "[openldap-technical] 20100429 ppolicy master/slave issue", + "refsource": "MLIST", + "url": "http://www.openldap.org/lists/openldap-technical/201004/msg00247.html" + }, + { + "name": "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0" + }, + { + "name": "[openldap-announce] 20110212 OpenLDAP 2.4.24 available", + "refsource": "MLIST", + "url": "http://www.openldap.org/lists/openldap-announce/201102/msg00000.html" + }, + { + "name": "MDVSA-2011:056", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:056" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=674985", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=674985" + }, + { + "name": "[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/25/13" + }, + { + "name": "RHSA-2011:0347", + 
"refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0347.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "MDVSA-2011:055", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:055" + }, + { + "name": "43718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43718" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680466", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680466" + }, + { + "name": "[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/24/12" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735" + }, + { + "name": "USN-1100-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1100-1" + }, + { + "name": "ADV-2011-0665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0665" + }, + { + "name": "43331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43331" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1106.json b/2011/1xxx/CVE-2011-1106.json index 2f509ab76c6..03d5a802672 100644 --- a/2011/1xxx/CVE-2011-1106.json +++ b/2011/1xxx/CVE-2011-1106.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110222 Re: Domino Sametime Multiple Reflected Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html" - }, - { - "name" : "46481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46481" - }, - { - "name" : "43430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43430" - }, - { - "name" : "sametime-stcenter-xss(65555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sametime-stcenter-xss(65555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65555" + }, + { + "name": "20110222 Re: Domino Sametime Multiple Reflected Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html" + }, + { + "name": "46481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46481" + }, + { + "name": "43430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43430" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1117.json b/2011/1xxx/CVE-2011-1117.json index 3ac1be9b91d..5f72c436858 100644 --- a/2011/1xxx/CVE-2011-1117.json +++ b/2011/1xxx/CVE-2011-1117.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale nodes.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=71386", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=71386" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" - }, - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - 
"refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "46614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46614" - }, - { - "name" : "oval:org.mitre.oval:def:14487", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14487" - }, - { - "name" : "google-chrome-xhtml-dos(65735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale nodes.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14487", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14487" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=71386", + "refsource": "CONFIRM", + "url": 
"http://code.google.com/p/chromium/issues/detail?id=71386" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "46614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46614" + }, + { + "name": "google-chrome-xhtml-dos(65735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65735" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1646.json b/2011/1xxx/CVE-2011-1646.json index 5ca34ff9aea..74dd62de6d4 100644 --- a/2011/1xxx/CVE-2011-1646.json +++ b/2011/1xxx/CVE-2011-1646.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml" - }, - { - "name" : "1025565", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with 
software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml" + }, + { + "name": "1025565", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025565" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1870.json b/2011/1xxx/CVE-2011-1870.json index 024ff373812..c27e5d2fea0 100644 --- a/2011/1xxx/CVE-2011-1870.json +++ b/2011/1xxx/CVE-2011-1870.json 
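Review bot: The `ASSIGNER` change from `cve@mitre.org` to `psirt@cisco.com` near the top of this hunk is the only semantic edit to CVE-2011-1646.json, and it sits among colon-spacing changes that touch every line, so the provenance change is easy to miss in review. The same pattern appears in the CVE-2011-1870, CVE-2014-3055 and CVE-2014-3373 hunks (`secure@microsoft.com`, `psirt@us.ibm.com`, `psirt@cisco.com`). Consumers that filter or trust records by `ASSIGNER` will see these entries move to a vendor CNA while `vendor_name` and `product_name` stay `"n/a"`, so it is worth confirming the reassignment is intended and, ideally, committing it separately from the formatting pass. The new side also ends with `\ No newline at end of file`; keeping the trailing newline after the closing `}` would avoid that churn in later diffs.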
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "48605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48605" - }, - { - "name" : "73795", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73795" - }, - { - "name" : "oval:org.mitre.oval:def:12889", - "refsource" : 
"OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": "48605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48605" + }, + { + "name": "oval:org.mitre.oval:def:12889", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12889" + }, + { + "name": "MS11-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056" + }, + { + "name": "73795", + "refsource": "OSVDB", + "url": "http://osvdb.org/73795" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5140.json b/2011/5xxx/CVE-2011-5140.json index 4438ff7541a..c7389d49bed 100644 --- a/2011/5xxx/CVE-2011-5140.json +++ b/2011/5xxx/CVE-2011-5140.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18288", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18288" - }, - { - "name" : "78071", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78071" - }, - { - "name" : "78080", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78080" - }, - { - "name" : "78081", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78081" - }, - { - "name" : "78082", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78082" - }, - { - "name" : "78083", - "refsource" : "OSVDB", 
- "url" : "http://www.osvdb.org/78083" - }, - { - "name" : "47337", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47337" - }, - { - "name" : "diycms-mod-sql-injection(72022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78081", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78081" + }, + { + "name": "47337", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47337" + }, + { + "name": "78083", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78083" + }, + { + "name": "78071", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78071" + }, + { + "name": "18288", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18288" + }, + { + "name": "78080", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78080" + }, + { + "name": "diycms-mod-sql-injection(72022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72022" + }, + { + "name": "78082", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78082" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/3xxx/CVE-2014-3055.json b/2014/3xxx/CVE-2014-3055.json index 826c413f84f..b2aae980c1a 100644 --- a/2014/3xxx/CVE-2014-3055.json +++ b/2014/3xxx/CVE-2014-3055.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032" - }, - { - "name" : "PI18909", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909" - }, - { - "name" : "60499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60499" - }, - { - "name" : "ibm-wsputl-cve20143055-sqli(93529)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60499" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032" + }, + { + "name": "ibm-wsputl-cve20143055-sqli(93529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529" + }, + { + "name": "PI18909", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3373.json b/2014/3xxx/CVE-2014-3373.json index 25f64d9e1d0..aa854efa408 100644 --- a/2014/3xxx/CVE-2014-3373.json +++ b/2014/3xxx/CVE-2014-3373.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294" - }, - { - "name" : "20141030 Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373" - }, - { - "name" : "70848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70848" - }, - { - "name" : "1031161", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031161" - }, - { - "name" : "59692", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59692" - }, - { - "name" : "cisco-ucm-cve20143373-xss(98406)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141030 Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373" + }, + { + "name": "59692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59692" + }, + { + "name": "70848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70848" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294" + }, + { + "name": "1031161", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031161" + }, + { + "name": "cisco-ucm-cve20143373-xss(98406)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3449.json b/2014/3xxx/CVE-2014-3449.json index 902bacac30d..32a365c5eca 100644 --- a/2014/3xxx/CVE-2014-3449.json +++ b/2014/3xxx/CVE-2014-3449.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3606.json b/2014/3xxx/CVE-2014-3606.json index edd91d5b77d..20ee496a04a 100644 --- a/2014/3xxx/CVE-2014-3606.json +++ b/2014/3xxx/CVE-2014-3606.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3784.json b/2014/3xxx/CVE-2014-3784.json index d672778fb20..ba2bdd96ecb 100644 --- a/2014/3xxx/CVE-2014-3784.json +++ b/2014/3xxx/CVE-2014-3784.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3784", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3784", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3967.json b/2014/3xxx/CVE-2014-3967.json index 9e9375476a4..aa4ca1969d5 100644 --- a/2014/3xxx/CVE-2014-3967.json +++ b/2014/3xxx/CVE-2014-3967.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/04/13" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-96.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-96.html" - }, - { - "name" : "FEDORA-2014-7408", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html" - }, - { - "name" : "FEDORA-2014-7423", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html" - }, - { 
- "name" : "GLSA-201504-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-04" - }, - { - "name" : "openSUSE-SU-2014:1279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:1281", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" - }, - { - "name" : "67794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67794" - }, - { - "name" : "1030322", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201504-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-04" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-96.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-96.html" + }, + { + "name": "openSUSE-SU-2014:1281", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" + }, + { + "name": "openSUSE-SU-2014:1279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" + }, + { + "name": "FEDORA-2014-7423", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html" + }, + { + "name": "FEDORA-2014-7408", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html" + }, + { + "name": "1030322", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030322" + }, + { + "name": "67794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67794" + }, + { + "name": "[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/04/13" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6253.json b/2014/6xxx/CVE-2014-6253.json index 1d850d3ae8d..48882b0c1b5 100644 --- a/2014/6xxx/CVE-2014-6253.json +++ b/2014/6xxx/CVE-2014-6253.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7100.json b/2014/7xxx/CVE-2014-7100.json index 0dda94bdc4f..fc3db2b4cc6 100644 --- a/2014/7xxx/CVE-2014-7100.json +++ b/2014/7xxx/CVE-2014-7100.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#853273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/853273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android 
does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#853273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/853273" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7109.json b/2014/7xxx/CVE-2014-7109.json index 204733d68d8..beae8b50dc4 100644 --- a/2014/7xxx/CVE-2014-7109.json +++ b/2014/7xxx/CVE-2014-7109.json 
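Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` in this hunk for CVE-2014-7100, although every other changed line only alters separator spacing, indentation or the order of `reference_data` entries. The same kind of change appears in the hunks for CVE-2014-7109 (also to `cert@cert.org`) and CVE-2014-7807 (to `secalert@redhat.com`). Consumers that attribute or filter records by assigning CNA will see the provenance of these three entries change, and a reader skimming a whole-file rewrite is likely to miss it. If the reassignment is intended, the line `"ASSIGNER": "cert@cert.org",` would be better carried in its own commit, or at least named in the commit message, so it can be audited apart from the formatting pass.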
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#483497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/483497" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#483497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/483497" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7160.json b/2014/7xxx/CVE-2014-7160.json index d390261c1a9..2dbc5cd0b10 100644 --- a/2014/7xxx/CVE-2014-7160.json +++ b/2014/7xxx/CVE-2014-7160.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7160", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7160", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7807.json b/2014/7xxx/CVE-2014-7807.json index b2c8c91889a..efe5481586a 100644 --- a/2014/7xxx/CVE-2014-7807.json +++ b/2014/7xxx/CVE-2014-7807.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141208 [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534176/100/0/threaded" - }, - { - "name" : "http://support.citrix.com/article/CTX200285", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX200285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.citrix.com/article/CTX200285", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX200285" + }, + { + "name": "20141208 [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534176/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8500.json b/2014/8xxx/CVE-2014-8500.json index 3f5dbec8266..53d62fab7da 100644 --- a/2014/8xxx/CVE-2014-8500.json +++ b/2014/8xxx/CVE-2014-8500.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html", - "refsource" : "MISC", - "url" : "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" - }, - { - "name" : "https://kb.isc.org/article/AA-01216/", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01216/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0524.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0524.html" - }, - { - "name" : "https://support.apple.com/HT205219", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205219" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676" - }, - { - "name" : "APPLE-SA-2015-09-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html" - }, - { - "name" : "DSA-3094", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3094" - }, - { - "name" : "GLSA-201502-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-03.xml" - }, - { - "name" : "HPSBUX03235", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142180687100892&w=2" - }, - { - "name" : "SSRT101750", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142180687100892&w=2" - }, - { - "name" : "HPSBUX03400", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144000632319155&w=2" - }, - { - "name" : "SSRT102211", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144000632319155&w=2" - }, - { - "name" : "MDVSA-2015:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165" - }, - { - "name" : "NetBSD-SA2015-002", - "refsource" : "NETBSD", - "url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc" - }, - { - "name" : "RHSA-2016:0078", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0078.html" - }, - { - "name" : "SUSE-SU-2015:0011", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:0096", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html" - }, - { - "name" : "SUSE-SU-2015:0480", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html" - }, - { - "name" : "SUSE-SU-2015:0488", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html" - }, - { - "name" : "USN-2437-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2437-1" - }, - { - "name" : "VU#264212", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/264212" - }, - { - "name" : "71590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71590" - }, - { - "name" : "1031311", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1031311" - }, - { - "name" : "62122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62122" - }, - { - "name" : "62064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "HPSBUX03235", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142180687100892&w=2" + }, + { + "name": "GLSA-201502-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-03.xml" + }, + { + "name": "62122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62122" + }, + { + "name": "NetBSD-SA2015-002", + "refsource": "NETBSD", + "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc" + }, + { + "name": "https://kb.isc.org/article/AA-01216/", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01216/" + }, + { + "name": "MDVSA-2015:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165" + }, + { + "name": "openSUSE-SU-2015:1250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html" + }, + { + "name": "SUSE-SU-2015:0480", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html" + }, + { + "name": "62064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62064" + }, + { + "name": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html", + "refsource": "MISC", + "url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676" + }, + { + "name": "DSA-3094", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2014/dsa-3094" + }, + { + "name": "1031311", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1031311" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0524.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0524.html" + }, + { + "name": "SUSE-SU-2015:0488", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html" + }, + { + "name": "VU#264212", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/264212" + }, + { + "name": "71590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71590" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "SUSE-SU-2015:0096", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html" + }, + { + "name": "SUSE-SU-2015:0011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html" + }, + { + "name": "USN-2437-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2437-1" + }, + { + "name": "HPSBUX03400", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144000632319155&w=2" + }, + { + "name": "APPLE-SA-2015-09-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html" + }, + { + "name": "RHSA-2016:0078", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html" + }, + { + "name": "https://support.apple.com/HT205219", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205219" + }, + { + "name": "SSRT101750", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142180687100892&w=2" + }, + { + "name": "SSRT102211", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=144000632319155&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8651.json b/2014/8xxx/CVE-2014-8651.json index ca4d12750b6..aa69f566999 100644 --- a/2014/8xxx/CVE-2014-8651.json +++ b/2014/8xxx/CVE-2014-8651.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141104 Privilege Escalation via KDE Clock KCM polkit helper", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/04/9" - }, - { - "name" : "[oss-security] 20141106 Re: Privilege Escalation via KDE Clock KCM polkit helper", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/07/3" - }, - { - "name" : "https://www.kde.org/info/security/advisory-20141106-1.txt", - "refsource" : "CONFIRM", - "url" : "https://www.kde.org/info/security/advisory-20141106-1.txt" - }, - { - "name" : "FEDORA-2014-14813", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html" - }, - { - "name" : 
"FEDORA-2014-14865", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html" - }, - { - "name" : "FEDORA-2014-14895", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html" - }, - { - "name" : "GLSA-201512-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-12" - }, - { - "name" : "USN-2402-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2402-1" - }, - { - "name" : "70904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2014-14813", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html" + }, + { + "name": "[oss-security] 20141104 Privilege Escalation via KDE Clock KCM polkit helper", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/04/9" + }, + { + "name": "GLSA-201512-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-12" + }, + { + "name": "https://www.kde.org/info/security/advisory-20141106-1.txt", + "refsource": "CONFIRM", + "url": "https://www.kde.org/info/security/advisory-20141106-1.txt" + }, + { + "name": "USN-2402-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2402-1" + }, + { + "name": "FEDORA-2014-14895", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html" + }, + { + "name": "[oss-security] 20141106 Re: Privilege Escalation via KDE Clock KCM polkit helper", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/07/3" + }, + { + "name": "FEDORA-2014-14865", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html" + }, + { + "name": "70904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70904" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8815.json b/2014/8xxx/CVE-2014-8815.json index 7cef89f090a..d992937e750 100644 --- a/2014/8xxx/CVE-2014-8815.json +++ b/2014/8xxx/CVE-2014-8815.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8815", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8815", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2389.json b/2016/2xxx/CVE-2016-2389.json index 1209af4f5d9..f305d3f0828 100644 --- a/2016/2xxx/CVE-2016-2389.json +++ b/2016/2xxx/CVE-2016-2389.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39837", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39837/" - }, - { - "name" : "20160517 [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/May/40" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/", - "refsource" : "MISC", 
- "url" : "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/" - }, - { - "name" : "http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160517 [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/May/40" + }, + { + "name": "http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html" + }, + { + "name": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/" + }, + { + "name": "https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/" + }, + { + "name": "39837", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39837/" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2989.json b/2016/2xxx/CVE-2016-2989.json index 98aecafca2c..4320ecb3124 100644 --- a/2016/2xxx/CVE-2016-2989.json +++ b/2016/2xxx/CVE-2016-2989.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986393", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986393" - }, - { - "name" : "92344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92344" - }, - { - "name" : "1036498", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to 
arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92344" + }, + { + "name": "1036498", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036498" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986393", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986393" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6030.json b/2016/6xxx/CVE-2016-6030.json index 769174ce3c9..d1187aeb794 100644 --- a/2016/6xxx/CVE-2016-6030.json +++ b/2016/6xxx/CVE-2016-6030.json 
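Review bot: The `ASSIGNER` value in the CVE-2016-2989 record changes from `cve@mitre.org` to `psirt@us.ibm.com`, a content change inside what otherwise reads as a pure reformat (`"key" : ` becoming `"key": `, plus re-indentation and reordered references). The CVE-2016-6737 hunk further down does the same, replacing `security@google.com` with `security@android.com`. Any consumer that attributes records to a CNA by this field will see these two entries move. Whether the re-attribution is intended cannot be told from the diff, so it would be easier to audit in its own commit or called out in the commit message.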
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.1.6" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.1.6" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg21996097", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg21996097" - }, - { - "name" : "95110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95110" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg21996097", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6052.json b/2016/6xxx/CVE-2016-6052.json index d423af82e76..d39a3530c7a 100644 --- a/2016/6xxx/CVE-2016-6052.json +++ b/2016/6xxx/CVE-2016-6052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6737.json b/2016/6xxx/CVE-2016-6737.json index e43c77858c0..00c309e5931 100644 --- a/2016/6xxx/CVE-2016-6737.json +++ b/2016/6xxx/CVE-2016-6737.json 
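Review bot: The new side of CVE-2016-6030.json ends without a trailing newline (`+}` is followed by `\ No newline at end of file`), while the old side ended with one; the other file sections visible in this diff show the same marker. The `reference_data` entries are also reordered with no change to their values (here the BID and CONFIRM entries swap places). Together these make each record show as fully rewritten, which hides real content edits among formatting noise. Having the generator emit a final newline and a stable reference order, for example sorted by `refsource` then `name`, would keep later diffs limited to actual changes.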
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94202" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6823.json b/2016/6xxx/CVE-2016-6823.json index 73dbfc35309..6b6066c817f 100644 --- a/2016/6xxx/CVE-2016-6823.json +++ b/2016/6xxx/CVE-2016-6823.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160926 CVE-2016-6823 - ImageMagick BMP Coder Out-Of-Bounds Write Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/26/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323" - }, - { - "name" : "93158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93158" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504" + }, + { + "name": "93158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93158" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323" + }, + { + "name": "[oss-security] 20160926 CVE-2016-6823 - ImageMagick BMP Coder Out-Of-Bounds Write Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/26/3" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18053.json b/2017/18xxx/CVE-2017-18053.json index 150d7f28bd2..b7f7aad98ed 100644 --- a/2017/18xxx/CVE-2017-18053.json +++ b/2017/18xxx/CVE-2017-18053.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-18053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-18053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5010.json b/2017/5xxx/CVE-2017-5010.json index d2ed7826195..8846410fb7c 100644 --- a/2017/5xxx/CVE-2017-5010.json +++ b/2017/5xxx/CVE-2017-5010.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/663476", - "refsource" : 
"CONFIRM", - "url" : "https://crbug.com/663476" - }, - { - "name" : "DSA-3776", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3776" - }, - { - "name" : "GLSA-201701-66", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-66" - }, - { - "name" : "RHSA-2017:0206", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html" - }, - { - "name" : "95792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95792" - }, - { - "name" : "1037718", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95792" + }, + { + "name": "https://crbug.com/663476", + "refsource": "CONFIRM", + "url": "https://crbug.com/663476" + }, + { + "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201701-66", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-66" + }, + { + "name": "RHSA-2017:0206", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html" + }, + { + "name": "1037718", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037718" + }, + { + "name": "DSA-3776", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3776" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5135.json b/2017/5xxx/CVE-2017-5135.json index 7cb07f41929..5708c89dad0 100644 --- a/2017/5xxx/CVE-2017-5135.json +++ b/2017/5xxx/CVE-2017-5135.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://stringbleed.github.io/", - "refsource" : "MISC", - "url" : "https://stringbleed.github.io/" - }, - { - "name" : "https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/", - "refsource" : "MISC", - "url" : "https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/" - }, - { - "name" : "98092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://stringbleed.github.io/", + "refsource": "MISC", + "url": "https://stringbleed.github.io/" + }, + { + "name": "98092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98092" + }, + { + "name": "https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/", + "refsource": "MISC", + "url": "https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5419.json b/2017/5xxx/CVE-2017-5419.json index 8d9f1613087..7176d292e6d 100644 --- a/2017/5xxx/CVE-2017-5419.json +++ b/2017/5xxx/CVE-2017-5419.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Repeated authentication prompts lead to DOS attack" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1312243", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1312243" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "96692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96692" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Repeated authentication prompts lead to DOS attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312243", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312243" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "96692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96692" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5914.json b/2017/5xxx/CVE-2017-5914.json index e46aa7beb05..4879f61c2a3 100644 --- a/2017/5xxx/CVE-2017-5914.json +++ b/2017/5xxx/CVE-2017-5914.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5914",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5914",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
- "refsource" : "MISC",
- "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
+ "refsource": "MISC",
+ "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
+ }
+ ]
+ }
+}
\ No newline at end of file