From 0c03322d2e58a9489ef1605221c0370636493e39 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 04:03:25 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0380.json | 170 ++++++-------
 2006/0xxx/CVE-2006-0522.json | 180 +++++++-------
 2006/0xxx/CVE-2006-0899.json | 200 +++++++--------
 2006/0xxx/CVE-2006-0998.json | 200 +++++++--------
 2006/1xxx/CVE-2006-1537.json | 290 +++++++++++----------
 2006/1xxx/CVE-2006-1783.json | 130 +++++-----
 2006/3xxx/CVE-2006-3082.json | 440 ++++++++++++++++-----------------
 2006/3xxx/CVE-2006-3171.json | 170 ++++++-------
 2006/3xxx/CVE-2006-3339.json | 160 ++++++------
 2006/3xxx/CVE-2006-3668.json | 210 ++++++++--------
 2006/4xxx/CVE-2006-4121.json | 160 ++++++------
 2006/4xxx/CVE-2006-4304.json | 210 ++++++++--------
 2006/4xxx/CVE-2006-4454.json | 160 ++++++------
 2006/4xxx/CVE-2006-4861.json | 130 +++++-----
 2010/2xxx/CVE-2010-2142.json | 140 +++++------
 2010/2xxx/CVE-2010-2240.json | 320 ++++++++++++------------
 2010/2xxx/CVE-2010-2425.json | 150 +++++------
 2010/2xxx/CVE-2010-2723.json | 130 +++++-----
 2010/3xxx/CVE-2010-3067.json | 390 ++++++++++++++---------------
 2010/3xxx/CVE-2010-3723.json | 34 +--
 2010/3xxx/CVE-2010-3845.json | 140 +++++------
 2010/3xxx/CVE-2010-3885.json | 34 +--
 2010/4xxx/CVE-2010-4855.json | 150 +++++------
 2010/4xxx/CVE-2010-4989.json | 140 +++++------
 2011/0xxx/CVE-2011-0635.json | 170 ++++++-------
 2011/1xxx/CVE-2011-1025.json | 260 +++++++++----------
 2011/1xxx/CVE-2011-1193.json | 170 ++++++-------
 2011/1xxx/CVE-2011-1815.json | 180 +++++++-------
 2011/1xxx/CVE-2011-1891.json | 140 +++++------
 2011/5xxx/CVE-2011-5080.json | 150 +++++------
 2014/3xxx/CVE-2014-3018.json | 130 +++++-----
 2014/3xxx/CVE-2014-3071.json | 160 ++++++------
 2014/3xxx/CVE-2014-3283.json | 160 ++++++------
 2014/3xxx/CVE-2014-3410.json | 120 ++++-----
 2014/6xxx/CVE-2014-6356.json | 120 ++++-----
 2014/6xxx/CVE-2014-6818.json | 140 +++++------
 2014/6xxx/CVE-2014-6853.json | 140 +++++------
 2014/7xxx/CVE-2014-7697.json | 140 +++++------
 2014/7xxx/CVE-2014-7917.json | 130 +++++-----
 2014/7xxx/CVE-2014-7970.json | 270 ++++++++++----------
 2014/8xxx/CVE-2014-8092.json | 230 ++++++++---------
 2014/8xxx/CVE-2014-8767.json | 250 +++++++++----------
 2014/8xxx/CVE-2014-8799.json | 160 ++++++------
 2014/8xxx/CVE-2014-8859.json | 34 +--
 2014/9xxx/CVE-2014-9828.json | 140 +++++------
 2016/2xxx/CVE-2016-2169.json | 122 ++++-----
 2016/2xxx/CVE-2016-2471.json | 120 ++++-----
 2016/2xxx/CVE-2016-2644.json | 34 +--
 2016/2xxx/CVE-2016-2898.json | 34 +--
 2016/2xxx/CVE-2016-2992.json | 208 ++++++++--------
 2016/6xxx/CVE-2016-6610.json | 140 +++++------
 2016/6xxx/CVE-2016-6886.json | 140 +++++------
 2017/18xxx/CVE-2017-18351.json | 34 +--
 2017/5xxx/CVE-2017-5005.json | 150 +++++------
 2017/5xxx/CVE-2017-5163.json | 130 +++++-----
 55 files changed, 4472 insertions(+), 4472 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0380.json b/2006/0xxx/CVE-2006-0380.json
index 79da19efb03..2db2973709e 100644
--- a/2006/0xxx/CVE-2006-0380.json
+++ b/2006/0xxx/CVE-2006-0380.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-0380",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secteam@freebsd.org",
+ "ID": "CVE-2006-0380",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "FreeBSD-SA-06:06",
- "refsource" : "FREEBSD",
- "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc"
- },
- {
- "name" : "16373",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/16373"
- },
- {
- "name" : "22731",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/22731"
- },
- {
- "name" : "1015541",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015541"
- },
- {
- "name" : "18599",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18599"
- },
- {
- "name" : "bsd-buffer-length-disclosure(24340)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24340"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "FreeBSD-SA-06:06",
+ "refsource": "FREEBSD",
+ "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc"
+ },
+ {
+ "name": "18599",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18599"
+ },
+ {
+ "name": "1015541",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015541"
+ },
+ {
+ "name": "22731",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/22731"
+ },
+ {
+ "name": "bsd-buffer-length-disclosure(24340)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24340"
+ },
+ {
+ "name": "16373",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/16373"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/0xxx/CVE-2006-0522.json b/2006/0xxx/CVE-2006-0522.json
index 3a7d0e7d5a2..0f664467eb7 100644
--- a/2006/0xxx/CVE-2006-0522.json
+++ b/2006/0xxx/CVE-2006-0522.json
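Review bot: The one semantic change in this hunk, `"ASSIGNER": "secteam@freebsd.org"` replacing `cve@mitre.org`, is buried under a whole-file re-indent and a reshuffle of `reference_data`, and the subject "-Synchronized-Data." does not mention it, so a provenance change like this is easy to miss without a JSON-aware diff. The record also keeps `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names FreeBSD kernel 5.4-STABLE and 6.0, so tooling that matches on `affects` rather than on the description text will not tie this entry to FreeBSD. The new side ends without a final newline (`\ No newline at end of file`). The re-indent and the missing newline recur in every later hunk visible here, and the reference reordering recurs in the CVE-2006-0522, CVE-2006-0899, CVE-2006-0998 and CVE-2006-1537 hunks; emitting references in a stable order and keeping the trailing newline would reduce later syncs to their real content changes.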
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-0522",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-0522",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html",
- "refsource" : "CONFIRM",
- "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html"
- },
- {
- "name" : "16452",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/16452"
- },
- {
- "name" : "ADV-2006-0402",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/0402"
- },
- {
- "name" : "22883",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/22883"
- },
- {
- "name" : "1015561",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015561"
- },
- {
- "name" : "18689",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18689"
- },
- {
- "name" : "symantec-sms-sql-injection(24413)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24413"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1015561",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015561"
+ },
+ {
+ "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html",
+ "refsource": "CONFIRM",
+ "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html"
+ },
+ {
+ "name": "16452",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/16452"
+ },
+ {
+ "name": "18689",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18689"
+ },
+ {
+ "name": "symantec-sms-sql-injection(24413)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24413"
+ },
+ {
+ "name": "22883",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/22883"
+ },
+ {
+ "name": "ADV-2006-0402",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/0402"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/0xxx/CVE-2006-0899.json b/2006/0xxx/CVE-2006-0899.json
index 61ef24a4c50..f8ea8495c65 100644
--- a/2006/0xxx/CVE-2006-0899.json
+++ b/2006/0xxx/CVE-2006-0899.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-0899",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via \"..\" (dot dot) sequences in the template parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-0899",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060301 4images <=1.7.1 remote code execution",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/426468/100/0/threaded"
- },
- {
- "name" : "1533",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/1533"
- },
- {
- "name" : "http://retrogod.altervista.org/4images_171_adv.html",
- "refsource" : "MISC",
- "url" : "http://retrogod.altervista.org/4images_171_adv.html"
- },
- {
- "name" : "16855",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/16855"
- },
- {
- "name" : "ADV-2006-0754",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/0754"
- },
- {
- "name" : "23529",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/23529"
- },
- {
- "name" : "19026",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19026"
- },
- {
- "name" : "518",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/518"
- },
- {
- "name" : "4images-template-file-include(24938)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24938"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via \"..\" (dot dot) sequences in the template parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "19026",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19026"
+ },
+ {
+ "name": "4images-template-file-include(24938)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24938"
+ },
+ {
+ "name": "1533",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/1533"
+ },
+ {
+ "name": "518",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/518"
+ },
+ {
+ "name": "http://retrogod.altervista.org/4images_171_adv.html",
+ "refsource": "MISC",
+ "url": "http://retrogod.altervista.org/4images_171_adv.html"
+ },
+ {
+ "name": "20060301 4images <=1.7.1 remote code execution",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/426468/100/0/threaded"
+ },
+ {
+ "name": "23529",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/23529"
+ },
+ {
+ "name": "ADV-2006-0754",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/0754"
+ },
+ {
+ "name": "16855",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/16855"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/0xxx/CVE-2006-0998.json b/2006/0xxx/CVE-2006-0998.json
index d83f9d6e6f5..99c563f8390 100644
--- a/2006/0xxx/CVE-2006-0998.json
+++ b/2006/0xxx/CVE-2006-0998.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-0998",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-0998",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
- },
- {
- "name" : "17176",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/17176"
- },
- {
- "name" : "64758",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/64758"
- },
- {
- "name" : "ADV-2006-1043",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/1043"
- },
- {
- "name" : "24047",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24047"
- },
- {
- "name" : "1015799",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015799"
- },
- {
- "name" : "19324",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19324"
- },
- {
- "name" : "netware-nile-weak-encryption(25381)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25381"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ADV-2006-1043",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/1043"
+ },
+ {
+ "name": "1015799",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015799"
+ },
+ {
+ "name": "24047",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24047"
+ },
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm"
+ },
+ {
+ "name": "netware-nile-weak-encryption(25381)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25381"
+ },
+ {
+ "name": "19324",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19324"
+ },
+ {
+ "name": "64758",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/64758"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
+ },
+ {
+ "name": "17176",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/17176"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/1xxx/CVE-2006-1537.json b/2006/1xxx/CVE-2006-1537.json
index cd072e316a0..bd232ef71db 100644
--- a/2006/1xxx/CVE-2006-1537.json
+++ b/2006/1xxx/CVE-2006-1537.json
@@ -1,147 +1,147 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-1537",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-1537",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060329 Full path disclosure in Webcalendar 1.1.0-CVS",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/429267/100/0/threaded"
- },
- {
- "name" : "24522",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24522"
- },
- {
- "name" : "24523",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24523"
- },
- {
- "name" : "24524",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24524"
- },
- {
- "name" : "24525",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24525"
- },
- {
- "name" : "24526",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24526"
- },
- {
- "name" : "24527",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24527"
- },
- {
- "name" : "24528",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24528"
- },
- {
- "name" : "24529",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24529"
- },
- {
- "name" : "24530",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24530"
- },
- {
- "name" : "24531",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24531"
- },
- {
- "name" : "24532",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24532"
- },
- {
- "name" : "24533",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24533"
- },
- {
- "name" : "24534",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24534"
- },
- {
- "name" : "24535",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24535"
- },
- {
- "name" : "24536",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/24536"
- },
- {
- "name" : "651",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/651"
- },
- {
- "name" : "webcalendar-multiple-path-disclosure(25539)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25539"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "24523",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24523"
+ },
+ {
+ "name": "24535",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24535"
+ },
+ {
+ "name": "651",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/651"
+ },
+ {
+ "name": "24534",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24534"
+ },
+ {
+ "name": "24526",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24526"
+ },
+ {
+ "name": "20060329 Full path disclosure in Webcalendar 1.1.0-CVS",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/429267/100/0/threaded"
+ },
+ {
+ "name": "24531",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24531"
+ },
+ {
+ "name": "24529",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24529"
+ },
+ {
+ "name": "24524",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24524"
+ },
+ {
+ "name": "24528",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24528"
+ },
+ {
+ "name": "24525",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24525"
+ },
+ {
+ "name": "webcalendar-multiple-path-disclosure(25539)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25539"
+ },
+ {
+ "name": "24533",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24533"
+ },
+ {
+ "name": "24532",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24532"
+ },
+ {
+ "name": "24530",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24530"
+ },
+ {
+ "name": "24527",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24527"
+ },
+ {
+ "name": "24522",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24522"
+ },
+ {
+ "name": "24536",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/24536"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/1xxx/CVE-2006-1783.json b/2006/1xxx/CVE-2006-1783.json
index 4933b5f6ad3..65e6332ab45 100644
--- a/2006/1xxx/CVE-2006-1783.json
+++ b/2006/1xxx/CVE-2006-1783.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-1783",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-1783",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060412 PatroNet CMS Xss Vuln",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/430868/100/0/threaded"
- },
- {
- "name" : "17495",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/17495"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060412 PatroNet CMS Xss Vuln",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/430868/100/0/threaded"
+ },
+ {
+ "name": "17495",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/17495"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3082.json b/2006/3xxx/CVE-2006-3082.json
index ad519d5eaeb..a86736a4dd6 100644
--- a/2006/3xxx/CVE-2006-3082.json
+++ b/2006/3xxx/CVE-2006-3082.json
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060629 rPSA-2006-0120-1 gnupg", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438751/100/0/threaded" - }, - { - "name" : "20060531 GnuPG fun", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2006/May/0774.html" - }, - { - "name" : "20060601 Re: GnuPG fun", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2006/May/0789.html" - }, - { - "name" : "20060531 RE: GnuPG fun", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2006/May/0782.html" - }, - { - "name" : 
"http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157", - "refsource" : "CONFIRM", - "url" : "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm" - }, - { - "name" : "DSA-1107", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1107" - }, - { - "name" : "DSA-1115", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1115" - }, - { - "name" : "MDKSA-2006:110", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110" - }, - { - "name" : "OpenPKG-SA-2006.010", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html" - }, - { - "name" : "RHSA-2006:0571", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0571.html" - }, - { - "name" : "20060701-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" - }, - { - "name" : "SSA:2006-178-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382" - }, - { - "name" : "SUSE-SR:2006:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_38_security.html" - }, - { - "name" : "SUSE-SR:2006:018", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_18_sr.html" - }, - { - "name" : "USN-304-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/304-1/" - }, - { - "name" : "18554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18554" - }, - { - "name" : "oval:org.mitre.oval:def:10089", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089" - }, - { - "name" : "ADV-2006-2450", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2450" - }, - { - "name" : "1016519", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016519" - }, - { - "name" : "20783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20783" - }, - { - "name" : "20829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20829" - }, - { - "name" : "20801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20801" - }, - { - "name" : "20811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20811" - }, - { - "name" : "20881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20881" - }, - { - "name" : "20899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20899" - }, - { - "name" : "20968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20968" - }, - { - "name" : "21063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21063" - }, - { - "name" : "21143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21143" - }, - { - "name" : "21137", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21137" - }, - { - "name" : "21135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21135" - }, - { - "name" : "21585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21585" - }, - { - "name" : "gnupg-parsepacket-bo(27245)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a 
denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20899" + }, + { + "name": "oval:org.mitre.oval:def:10089", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089" + }, + { + "name": "20968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20968" + }, + { + "name": "20881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20881" + }, + { + "name": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157", + "refsource": "CONFIRM", + "url": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157" + }, + { + "name": "20060629 rPSA-2006-0120-1 gnupg", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438751/100/0/threaded" + }, + { + "name": "20783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20783" + }, + { + "name": "DSA-1107", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1107" + }, + { + "name": "20811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20811" + }, + { + "name": "SUSE-SR:2006:018", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_18_sr.html" + }, + { + "name": "20060531 RE: GnuPG fun", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2006/May/0782.html" + }, + { + "name": "21063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21063" + }, + { + "name": "21135", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/21135" + }, + { + "name": "20829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20829" + }, + { + "name": "ADV-2006-2450", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2450" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm" + }, + { + "name": "20060601 Re: GnuPG fun", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2006/May/0789.html" + }, + { + "name": "20801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20801" + }, + { + "name": "20060531 GnuPG fun", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2006/May/0774.html" + }, + { + "name": "18554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18554" + }, + { + "name": "USN-304-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/304-1/" + }, + { + "name": "SUSE-SR:2006:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html" + }, + { + "name": "RHSA-2006:0571", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0571.html" + }, + { + "name": "MDKSA-2006:110", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110" + }, + { + "name": "DSA-1115", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1115" + }, + { + "name": "OpenPKG-SA-2006.010", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html" + }, + { + "name": "20060701-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" + }, + { + "name": "21137", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21137" + }, + { + "name": "21143", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/21143" + }, + { + "name": "21585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21585" + }, + { + "name": "1016519", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016519" + }, + { + "name": "SSA:2006-178-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382" + }, + { + "name": "gnupg-parsepacket-bo(27245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27245" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3171.json b/2006/3xxx/CVE-2006-3171.json index 707921f3898..5411901bf3f 100644 --- a/2006/3xxx/CVE-2006-3171.json +++ b/2006/3xxx/CVE-2006-3171.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.acid-root.new.fr/advisories/csforum081.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/csforum081.txt" - }, - { - "name" : "http://www.comscripts.com/scripts/php.cs-forum.643.html", - "refsource" : "CONFIRM", - "url" : "http://www.comscripts.com/scripts/php.cs-forum.643.html" - }, - { - "name" : "ADV-2006-2314", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2314" - }, - { - "name" : "26384", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26384" - }, - { - "name" : "20534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20534" - }, - { - "name" : "csforum-ajouter-header-injection(27177)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26384", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26384" + }, + { + "name": "http://www.comscripts.com/scripts/php.cs-forum.643.html", + "refsource": "CONFIRM", + "url": "http://www.comscripts.com/scripts/php.cs-forum.643.html" + }, + { + "name": "20534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20534" + }, + { + "name": "csforum-ajouter-header-injection(27177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177" + }, + { + "name": "ADV-2006-2314", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2314" + }, + { + "name": "http://www.acid-root.new.fr/advisories/csforum081.txt", + "refsource": "MISC", + "url": "http://www.acid-root.new.fr/advisories/csforum081.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3339.json b/2006/3xxx/CVE-2006-3339.json index 8a8d7308d94..80a4f8781b1 100644 --- a/2006/3xxx/CVE-2006-3339.json +++ b/2006/3xxx/CVE-2006-3339.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html" - }, - { - "name" : "http://jira.atlassian.com/browse/JRA-10542", - "refsource" : "CONFIRM", - "url" : "http://jira.atlassian.com/browse/JRA-10542" - }, - { - "name" : "ADV-2006-2472", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2472" - }, - { - "name" : "26745", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26745" - }, - { - "name" : "jira-projectid-info-disclosure(27235)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2472", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2472" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html" + }, + { + "name": "jira-projectid-info-disclosure(27235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27235" + }, + { + "name": "26745", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26745" + }, + { + "name": "http://jira.atlassian.com/browse/JRA-10542", + "refsource": "CONFIRM", + "url": "http://jira.atlassian.com/browse/JRA-10542" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3668.json b/2006/3xxx/CVE-2006-3668.json index a3548462dc4..2822e16e10b 100644 --- a/2006/3xxx/CVE-2006-3668.json +++ b/2006/3xxx/CVE-2006-3668.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a \".it\" (Impulse Tracker) file with an envelope with a large number of nodes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/dumbit-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/dumbit-adv.txt" - }, - { - "name" : "DSA-1123", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1123" - }, - { - "name" : "GLSA-200608-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml" - }, - { - "name" : "19025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19025" - }, - { - "name" : "ADV-2006-2835", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2835" 
- }, - { - "name" : "21092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21092" - }, - { - "name" : "21184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21184" - }, - { - "name" : "21416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21416" - }, - { - "name" : "1240", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1240" - }, - { - "name" : "dumb-itreadenvelope-bo(27789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a \".it\" (Impulse Tracker) file with an envelope with a large number of nodes." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1123", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1123" + }, + { + "name": "21092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21092" + }, + { + "name": "1240", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1240" + }, + { + "name": "GLSA-200608-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml" + }, + { + "name": "21184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21184" + }, + { + "name": "http://aluigi.altervista.org/adv/dumbit-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/dumbit-adv.txt" + }, + { + "name": "19025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19025" + }, + { + "name": "21416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21416" + }, + { + "name": "ADV-2006-2835", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2835" + }, + { + "name": "dumb-itreadenvelope-bo(27789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27789" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4121.json b/2006/4xxx/CVE-2006-4121.json index 494650bb797..61a4e0bfd10 100644 --- a/2006/4xxx/CVE-2006-4121.json +++ b/2006/4xxx/CVE-2006-4121.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2155", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2155" - }, - { - "name" : "19443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19443" - }, - { - "name" : "ADV-2006-3233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3233" - }, - { - "name" : "21460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21460" - }, - { - "name" : "seecommerce-owimg-file-include(28302)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 
remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3233" + }, + { + "name": "21460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21460" + }, + { + "name": "seecommerce-owimg-file-include(28302)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28302" + }, + { + "name": "2155", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2155" + }, + { + "name": "19443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19443" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4304.json b/2006/4xxx/CVE-2006-4304.json index a33a71e1b74..72417559c8d 100644 --- a/2006/4xxx/CVE-2006-4304.json +++ b/2006/4xxx/CVE-2006-4304.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-06:08", - "refsource" : "FREEBSD", - "url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc" - }, - { - "name" : "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch", - "refsource" : "MISC", - "url" : "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch" - }, - { - "name" : "NetBSD-SA2006-019", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc" - }, - { - "name" : "[3.9] 20060902 009: SECURITY FIX: September 2, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#sppp" - }, - { - "name" : "[3.8] 20060902 014: SECURITY FIX: September 2, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata38.html#sppp" - }, - { - "name" : "19684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19684" - }, - { - "name" : "1016745", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016745" - }, - { - "name" : "21587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21587" - }, - { - "name" : "21731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21731" - }, - { - "name" : "sppp4-lcp-bo(28562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch", + "refsource": "MISC", + "url": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch" + }, + { + "name": "19684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19684" + }, + { + "name": "sppp4-lcp-bo(28562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28562" + }, + { + "name": "FreeBSD-SA-06:08", + "refsource": "FREEBSD", + "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc" + }, + { + "name": "[3.8] 20060902 014: SECURITY FIX: September 2, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata38.html#sppp" + }, + { + "name": "21731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21731" + }, + { + "name": "NetBSD-SA2006-019", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc" + }, + { + "name": "1016745", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016745" + }, + { + "name": "[3.9] 20060902 009: SECURITY FIX: September 2, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#sppp" + }, + { + "name": "21587", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/21587" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4454.json b/2006/4xxx/CVE-2006-4454.json index 8158e51dac7..acf5136bbfa 100644 --- a/2006/4xxx/CVE-2006-4454.json +++ b/2006/4xxx/CVE-2006-4454.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060829 XSS in HLStats 1.34", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0741.html" - }, - { - "name" : "19745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19745" - }, - { - "name" : "28238", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28238" - }, - { - "name" : "21635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21635" - }, - { - "name" : "hlstats-hlstats-xss(28619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21635" + }, + { + "name": "hlstats-hlstats-xss(28619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28619" + }, + { + "name": "28238", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28238" + }, + { + "name": "20060829 XSS in HLStats 1.34", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0741.html" + }, + { + "name": "19745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19745" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4861.json b/2006/4xxx/CVE-2006-4861.json index 2d2bfadae6e..a6e9ecf6da9 100644 --- a/2006/4xxx/CVE-2006-4861.json +++ b/2006/4xxx/CVE-2006-4861.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060914 Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446078/100/0/threaded" - }, - { - "name" : "1601", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) 
parameters in login.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1601", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1601" + }, + { + "name": "20060914 Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446078/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2142.json b/2010/2xxx/CVE-2010-2142.json index 019d03af0ac..fae1a06ce45 100644 --- a/2010/2xxx/CVE-2010-2142.json +++ b/2010/2xxx/CVE-2010-2142.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt" - }, - { - "name" : "40357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40357" - }, - { - "name" : "cyberhost-default-sql-injection(58889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cyberhost-default-sql-injection(58889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58889" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt" + }, + { + "name": "40357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40357" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2240.json b/2010/2xxx/CVE-2010-2240.json index 48e5b7007eb..56ae48a7eea 100644 --- a/2010/2xxx/CVE-2010-2240.json +++ b/2010/2xxx/CVE-2010-2240.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517739/100/0/threaded" - }, - { - "name" : "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", - "refsource" : "MLIST", - "url" : 
"http://lists.vmware.com/pipermail/security-announce/2011/000133.html" - }, - { - "name" : "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf", - "refsource" : "MISC", - "url" : "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=606611", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=606611" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" - }, - { - "name" : "DSA-2094", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2010/dsa-2094" - }, - { - "name" : "MDVSA-2010:172", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172" - }, - { - "name" : "MDVSA-2010:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" - }, - { - "name" : "MDVSA-2011:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name" : "RHSA-2010:0661", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0661.html" - }, - { - "name" : "RHSA-2010:0660", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0660.html" - }, - { - "name" : "RHSA-2010:0670", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0670.html" - }, - { - "name" : "RHSA-2010:0882", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0882.html" - }, - { - "name" : "oval:org.mitre.oval:def:13247", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247" - }, - { - "name" : "1024344", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52" + }, + { + "name": "MDVSA-2010:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + }, + { + "name": "RHSA-2010:0670", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0670.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4" + }, + { + "name": "oval:org.mitre.oval:def:13247", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893" + }, + { + "name": "RHSA-2010:0660", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0660.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=606611", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=606611" + }, + { + "name": "RHSA-2010:0661", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0661.html" + }, + { + "name": "RHSA-2010:0882", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0882.html" + }, + { + "name": "MDVSA-2011:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" + }, + { + "name": "DSA-2094", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2094" + }, + { + "name": "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf", + "refsource": "MISC", + "url": "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf" + }, + { + "name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19" + }, + { + "name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded" + }, + { + "name": "MDVSA-2010:172", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172" + }, + { + "name": "1024344", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024344" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/2xxx/CVE-2010-2425.json b/2010/2xxx/CVE-2010-2425.json index 4de70b54f37..6808a1f61e7 100644 --- a/2010/2xxx/CVE-2010-2425.json +++ b/2010/2xxx/CVE-2010-2425.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via \"..//\" sequences in a COMB command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100617 TitanFTP Server COMB directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511873/100/0/threaded" - }, - { - "name" : "40949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40949" - }, - { - "name" : "65622", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65622" - }, - { - "name" : "40237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in TitanFTPd in South 
River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via \"..//\" sequences in a COMB command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40237" + }, + { + "name": "40949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40949" + }, + { + "name": "20100617 TitanFTP Server COMB directory traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511873/100/0/threaded" + }, + { + "name": "65622", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65622" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2723.json b/2010/2xxx/CVE-2010-2723.json index 52ecdef6184..f8198b5d443 100644 --- a/2010/2xxx/CVE-2010-2723.json +++ b/2010/2xxx/CVE-2010-2723.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41503" - }, - { - "name" : "40529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41503" + }, + { + "name": "40529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40529" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3067.json b/2010/3xxx/CVE-2010-3067.json index 375458fb6fe..f9d688a8767 100644 --- a/2010/3xxx/CVE-2010-3067.json +++ b/2010/3xxx/CVE-2010-3067.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=75e1c70fc31490ef8a373ea2a4bea2524099b478", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=75e1c70fc31490ef8a373ea2a4bea2524099b478" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=629441", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=629441" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "MDVSA-2010:257", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "MDVSA-2011:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name" : "RHSA-2010:0758", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0758.html" - }, - { - "name" : "RHSA-2010:0779", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0779.html" - }, - { - "name" : "RHSA-2010:0839", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0839.html" - }, - { - "name" : "RHSA-2011:0007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html" - }, - { - "name" : "SUSE-SA:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" - }, - { - "name" : "SUSE-SA:2010:060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" - }, - { - "name" : 
"SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "42778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42778" - }, - { - "name" : "42801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42801" - }, - { - "name" : "42890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42890" - }, - { - "name" : "43291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43291" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "ADV-2011-0012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0012" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "ADV-2011-0375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0375" - }, - { - "name" : "kernel-doiosubmit-dos(61884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42778" + }, + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "42801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42801" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "SUSE-SA:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2" + }, + { + "name": "SUSE-SA:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" + }, + { + "name": "RHSA-2011:0007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=629441", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=629441" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "SUSE-SA:2010:060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "MDVSA-2011:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + }, + { + "name": "RHSA-2010:0839", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0839.html" + }, + { + "name": "MDVSA-2010:257", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "ADV-2011-0375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0375" + }, + { + "name": "42890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42890" + }, + { + "name": "ADV-2011-0012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0012" + }, + { + "name": "kernel-doiosubmit-dos(61884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61884" + }, + { + "name": "SUSE-SA:2011:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "RHSA-2010:0758", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0758.html" + }, + { + "name": "43291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43291" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=75e1c70fc31490ef8a373ea2a4bea2524099b478", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=75e1c70fc31490ef8a373ea2a4bea2524099b478" + }, + { + "name": "RHSA-2010:0779", + "refsource": 
"REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3723.json b/2010/3xxx/CVE-2010-3723.json index 3c99a349487..51ee20c519c 100644 --- a/2010/3xxx/CVE-2010-3723.json +++ b/2010/3xxx/CVE-2010-3723.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3723", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3723", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3845.json b/2010/3xxx/CVE-2010-3845.json index 21136e2f0bc..b23e9252dc2 100644 --- a/2010/3xxx/CVE-2010-3845.json +++ b/2010/3xxx/CVE-2010-3845.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101013 Re: CVE request: Apache-AuthenHook perl module", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2010/q4/63" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712" - }, - { - "name" : "https://rt.cpan.org/Public/Bug/Display.html?id=62040", - "refsource" : "CONFIRM", - "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=62040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712" + }, + { + "name": "[oss-security] 20101013 Re: CVE request: Apache-AuthenHook perl module", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2010/q4/63" + }, + { + "name": "https://rt.cpan.org/Public/Bug/Display.html?id=62040", + "refsource": "CONFIRM", + "url": "https://rt.cpan.org/Public/Bug/Display.html?id=62040" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3885.json b/2010/3xxx/CVE-2010-3885.json index df4c55ddebc..5e21a671374 100644 --- a/2010/3xxx/CVE-2010-3885.json +++ b/2010/3xxx/CVE-2010-3885.json 
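Review bot: The only substantive change in this hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is buried in a whole-file rewrite that also re-indents every line, drops the space before each colon and reorders the `reference_data` entries. Anyone auditing who is recorded as the assigner of a record has to compare the two versions semantically instead of reading the diff. Landing the formatting normalisation on its own and keeping the reference order stable would leave a one-line hunk here. The same applies to the ASSIGNER changes in CVE-2011-1025, CVE-2011-1815 and CVE-2011-1891 further down. The rewritten file also ends with `\ No newline at end of file`, a marker the removed side does not carry, so the sync appears to drop the trailing newline as well.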
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3885", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3227. Reason: This candidate is a duplicate of CVE-2010-3227. Notes: All CVE users should reference CVE-2010-3227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3885", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3227. Reason: This candidate is a duplicate of CVE-2010-3227. Notes: All CVE users should reference CVE-2010-3227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4855.json b/2010/4xxx/CVE-2010-4855.json index d52d780f082..340134bbeb7 100644 --- a/2010/4xxx/CVE-2010-4855.json +++ b/2010/4xxx/CVE-2010-4855.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15218", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15218" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt" - }, - { - "name" : "41708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41708" - }, - { - "name" : "8414", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the 
makale_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15218", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15218" + }, + { + "name": "http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt" + }, + { + "name": "8414", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8414" + }, + { + "name": "41708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41708" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4989.json b/2010/4xxx/CVE-2010-4989.json index 4ce8cc544be..1808b7beeb5 100644 --- a/2010/4xxx/CVE-2010-4989.json +++ b/2010/4xxx/CVE-2010-4989.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14192", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14192" - }, - { - "name" : "ADV-2010-1688", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1688" - }, - { - "name" : "ziggurat-main-sql-inection(60065)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ziggurat-main-sql-inection(60065)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60065" + }, + { + "name": "14192", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14192" + }, + { + "name": "ADV-2010-1688", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1688" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0635.json b/2011/0xxx/CVE-2011-0635.json index 01424034dd3..938f307705e 100644 --- a/2011/0xxx/CVE-2011-0635.json +++ b/2011/0xxx/CVE-2011-0635.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110118 Simploo CMS Community Edition - Remote PHP Code Execution Issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515809/100/0/threaded" - }, - { - "name" : "16016", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16016" - }, - { - "name" : "45906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45906" - }, - { - "name" : "70487", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70487" - }, - { - "name" : "42953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42953" - }, - { - "name" : "simploocms-ftpserver-code-execution(64826)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16016", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16016" + }, + { + "name": "45906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45906" + }, + { + "name": "70487", + "refsource": "OSVDB", + "url": "http://osvdb.org/70487" + }, + { + "name": "20110118 Simploo CMS Community Edition - Remote PHP Code Execution Issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515809/100/0/threaded" + }, + { + "name": "42953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42953" + }, + { + "name": "simploocms-ftpserver-code-execution(64826)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64826" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1025.json b/2011/1xxx/CVE-2011-1025.json index 7ae650a057b..55bca76a1c7 100644 --- a/2011/1xxx/CVE-2011-1025.json +++ b/2011/1xxx/CVE-2011-1025.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openldap-announce] 20110212 OpenLDAP 2.4.24 available", - "refsource" : "MLIST", - "url" : "http://www.openldap.org/lists/openldap-announce/201102/msg00000.html" - }, - { - "name" : "[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/24/12" - }, - { - "name" : "[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/25/13" - }, - { - "name" : "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8", - "refsource" : "CONFIRM", - "url" : 
"http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8" - }, - { - "name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680472", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680472" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "GLSA-201406-36", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml" - }, - { - "name" : "MDVSA-2011:056", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:056" - }, - { - "name" : "RHSA-2011:0347", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0347.html" - }, - { - "name" : "USN-1100-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1100-1" - }, - { - "name" : "1025190", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025190" - }, - { - "name" : "43331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43331" - }, - { - "name" : "43718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43718" - }, - { - "name" : "ADV-2011-0665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-36", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml" + }, + { + "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661" + }, + { + "name": "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680472", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680472" + }, + { + "name": "1025190", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025190" + }, + { + "name": "[openldap-announce] 20110212 OpenLDAP 2.4.24 available", + "refsource": "MLIST", + "url": "http://www.openldap.org/lists/openldap-announce/201102/msg00000.html" + }, + { + "name": "MDVSA-2011:056", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:056" + }, + { + "name": "RHSA-2011:0347", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0347.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/25/13" + }, + { + "name": "43718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43718" + }, + { + "name": "[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues", + 
"refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/24/12" + }, + { + "name": "USN-1100-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1100-1" + }, + { + "name": "ADV-2011-0665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0665" + }, + { + "name": "43331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43331" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1193.json b/2011/1xxx/CVE-2011-1193.json index 2720c32e17b..43fab7c59b2 100644 --- a/2011/1xxx/CVE-2011-1193.json +++ b/2011/1xxx/CVE-2011-1193.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=70877", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=70877" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:14035", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14035" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - 
"name" : "google-unspecified-security-bypass(65957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14035", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14035" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=70877", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=70877" + }, + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "google-unspecified-security-bypass(65957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65957" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1815.json b/2011/1xxx/CVE-2011-1815.json index 0e759ae7955..e8fb61794e1 100644 --- a/2011/1xxx/CVE-2011-1815.json +++ b/2011/1xxx/CVE-2011-1815.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-1815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=79862", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=79862" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" - }, - { - "name" : "48129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48129" - }, - { - "name" : "72785", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72785" - }, - { - "name" : "oval:org.mitre.oval:def:14728", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14728" - }, - { - "name" : "44829", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/44829" - }, - { - "name" : "chrome-tab-page-xss(67898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44829" + }, + { + "name": "oval:org.mitre.oval:def:14728", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14728" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=79862", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=79862" + }, + { + "name": "72785", + "refsource": "OSVDB", + "url": "http://osvdb.org/72785" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" + }, + { + "name": "48129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48129" + }, + { + "name": "chrome-tab-page-xss(67898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67898" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1891.json b/2011/1xxx/CVE-2011-1891.json index af8719f0718..8187dba632c 100644 --- a/2011/1xxx/CVE-2011-1891.json +++ b/2011/1xxx/CVE-2011-1891.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka \"Contact Details Reflected XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074" - }, - { - "name" : "TA11-256A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12864", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka \"Contact Details Reflected XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12864", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864" + }, + { + "name": "MS11-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074" + }, + { + "name": "TA11-256A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5080.json b/2011/5xxx/CVE-2011-5080.json index 063237c4f06..c4a2f089bac 100644 --- a/2011/5xxx/CVE-2011-5080.json +++ b/2011/5xxx/CVE-2011-5080.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" - }, - { - "name" : "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568", - "refsource" : "CONFIRM", - "url" : "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568" - }, - { - "name" : "51854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51854" - }, - { - "name" : "78800", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78800" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" + }, + { + "name": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568", + "refsource": "CONFIRM", + "url": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568" + }, + { + "name": "51854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51854" + }, + { + "name": "78800", + "refsource": "OSVDB", + "url": "http://osvdb.org/78800" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3018.json b/2014/3xxx/CVE-2014-3018.json index 54b2c149265..ba6ef2b4622 100644 --- a/2014/3xxx/CVE-2014-3018.json +++ b/2014/3xxx/CVE-2014-3018.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774" - }, - { - "name" : "ibm-bladecenter-cve20143018-dos(93052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774" + }, + { + "name": "ibm-bladecenter-cve20143018-dos(93052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93052" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3071.json b/2014/3xxx/CVE-2014-3071.json index 8bf2e560b5d..acb4c0bfdda 100644 --- a/2014/3xxx/CVE-2014-3071.json +++ b/2014/3xxx/CVE-2014-3071.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677719", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677719" - }, - { - "name" : "JR50453", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50453" - }, - { - "name" : "68781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68781" - }, - { - "name" : "59267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59267" - }, - { - "name" : "ibm-infosphere-cve20143071-xss(93786)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93786" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68781" + }, + { + "name": "ibm-infosphere-cve20143071-xss(93786)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93786" + }, + { + "name": "JR50453", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50453" + }, + { + "name": "59267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59267" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677719", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677719" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3283.json b/2014/3xxx/CVE-2014-3283.json index 84ec153d7ca..d3c1ad3a72e 100644 --- a/2014/3xxx/CVE-2014-3283.json +++ b/2014/3xxx/CVE-2014-3283.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34383", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34383" - }, - { - "name" : "20140527 Cisco Unified Communications Domain Manager Self-Care HTTP Redirect Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3283" - }, - { - "name" : "67665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67665" - }, - { - "name" : "1030306", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030306" - 
}, - { - "name" : "58400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34383", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34383" + }, + { + "name": "1030306", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030306" + }, + { + "name": "67665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67665" + }, + { + "name": "20140527 Cisco Unified Communications Domain Manager Self-Care HTTP Redirect Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3283" + }, + { + "name": "58400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58400" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3410.json b/2014/3xxx/CVE-2014-3410.json index 0cffcd4008f..1da61449ab7 100644 --- a/2014/3xxx/CVE-2014-3410.json +++ b/2014/3xxx/CVE-2014-3410.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141219 Cisco ASA Information Leak in Syslog Messages Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing 
the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141219 Cisco ASA Information Leak in Syslog Messages Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3410" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6356.json b/2014/6xxx/CVE-2014-6356.json index 4bddd396c6e..1eca589e716 100644 --- a/2014/6xxx/CVE-2014-6356.json +++ b/2014/6xxx/CVE-2014-6356.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Invalid Index Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-081", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Invalid Index Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + 
"references": { + "reference_data": [ + { + "name": "MS14-081", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6818.json b/2014/6xxx/CVE-2014-6818.json index c569650eb15..d94717057e8 100644 --- a/2014/6xxx/CVE-2014-6818.json +++ b/2014/6xxx/CVE-2014-6818.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#536913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/536913" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OHBM 20th 
Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#536913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/536913" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6853.json b/2014/6xxx/CVE-2014-6853.json index 0293fecf4df..dc7899bb634 100644 --- a/2014/6xxx/CVE-2014-6853.json +++ b/2014/6xxx/CVE-2014-6853.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#715905", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/715905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Foxit MobilePDF - 
PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#715905", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/715905" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7697.json b/2014/7xxx/CVE-2014-7697.json index 02541af94d1..2458f530692 100644 --- a/2014/7xxx/CVE-2014-7697.json +++ b/2014/7xxx/CVE-2014-7697.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#203305", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/203305" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Eyvah! 
Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#203305", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/203305" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7917.json b/2014/7xxx/CVE-2014-7917.json index e2aa7ab2797..d93120ed906 100644 --- a/2014/7xxx/CVE-2014-7917.json +++ b/2014/7xxx/CVE-2014-7917.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf", - "refsource" : "MISC", - "url" : "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf", + "refsource": "MISC", + "url": "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7970.json b/2014/7xxx/CVE-2014-7970.json index 80bf356be79..14140e52264 100644 --- a/2014/7xxx/CVE-2014-7970.json +++ b/2014/7xxx/CVE-2014-7970.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-fsdevel] 20141008 [PATCH] mnt: Prevent pivot_root from creating a loop in the mount tree", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/linux-fsdevel/msg79153.html" - }, - { - "name" : "[oss-security] 20141008 CVE-2014-7970: Linux VFS denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/08/21" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151095", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151095" - }, - { - "name" : 
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d" - }, - { - "name" : "RHSA-2017:1842", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1842" - }, - { - "name" : "RHSA-2017:2077", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2077" - }, - { - "name" : "SUSE-SU-2015:0736", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" - }, - { - "name" : "USN-2419-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2419-1" - }, - { - "name" : "USN-2420-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2420-1" - }, - { - "name" : "USN-2513-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2513-1" - }, - { - "name" : "USN-2514-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2514-1" - }, - { - "name" : "70319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70319" - }, - { - "name" : "1030991", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030991" - }, - { - "name" : "61142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61142" - }, - { - "name" : "60174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60174" - }, - { - "name" : "linux-kernel-cve20147970-dos(96921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a 
chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:0736", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" + }, + { + "name": "70319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70319" + }, + { + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d" + }, + { + "name": "USN-2419-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2419-1" + }, + { + "name": "USN-2514-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2514-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1151095", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151095" + }, + { + "name": "60174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60174" + }, + { + "name": "[oss-security] 20141008 CVE-2014-7970: Linux VFS denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/08/21" + }, + { + "name": "USN-2420-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2420-1" + }, + { + "name": "RHSA-2017:2077", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2077" + }, + { + "name": "[linux-fsdevel] 20141008 [PATCH] mnt: Prevent pivot_root from creating a loop in the mount tree", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/linux-fsdevel/msg79153.html" + }, + { + "name": 
"RHSA-2017:1842", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1842" + }, + { + "name": "linux-kernel-cve20147970-dos(96921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96921" + }, + { + "name": "USN-2513-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2513-1" + }, + { + "name": "61142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61142" + }, + { + "name": "1030991", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030991" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8092.json b/2014/8xxx/CVE-2014-8092.json index 2bfc7bdcfba..6052ece8cf5 100644 --- a/2014/8xxx/CVE-2014-8092.json +++ b/2014/8xxx/CVE-2014-8092.json 
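Review bot: The `reference_data` array for CVE-2014-7970 comes out in a different order from the old side, where entries appear grouped by `refsource`, although the same sixteen entries are present on both sides and, as far as the visible text shows, none of their `name`/`refsource`/`url` values changed. An order that shifts between syncs makes every later text diff of these records noisy and makes a genuinely added or removed reference hard to spot. The serializer should emit references in a stable order, for example sorted by `refsource` and then `name`. The CVE-2014-8092, CVE-2014-8767, CVE-2014-8799 and CVE-2014-9828 hunks show the same reshuffle, and every rewritten file here also loses its final newline (`\ No newline at end of file`).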
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0532.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0532.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "DSA-3095", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3095" - }, - { - "name" : "GLSA-201504-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-06" - }, - { - "name" : "MDVSA-2015:119", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" - }, - { - "name" : "71595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71595" - }, - { - "name" : "62292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62292" - }, - { - "name" : "61947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3095", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3095" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" + }, + { + "name": "71595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71595" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0532.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0532.html" + }, + { + "name": "GLSA-201504-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-06" + }, + { + "name": "62292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62292" + }, + { + "name": "MDVSA-2015:119", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "61947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61947" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8767.json b/2014/8xxx/CVE-2014-8767.json index edc14abe7ca..b960318d18e 100644 --- a/2014/8xxx/CVE-2014-8767.json +++ b/2014/8xxx/CVE-2014-8767.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534011/100/0/threaded" - }, - { - "name" : "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/47" - }, - { - "name" : "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0503.html", - "refsource" : 
"CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0503.html" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "DSA-3086", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3086" - }, - { - "name" : "MDVSA-2014:240", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240" - }, - { - "name" : "MDVSA-2015:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" - }, - { - "name" : "openSUSE-SU-2015:0284", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html" - }, - { - "name" : "USN-2433-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2433-1" - }, - { - "name" : "71150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71150" - }, - { - "name" : "tcpdump-cve20148767-dos(98765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2014:240", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240" + }, + { + "name": "MDVSA-2015:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" + }, + { + "name": "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html" + }, + { + "name": "openSUSE-SU-2015:0284", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html" + }, + { + "name": "tcpdump-cve20148767-dos(98765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98765" + }, + { + "name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534011/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/47" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "USN-2433-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2433-1" + }, + { + "name": "DSA-3086", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3086" + }, + { + "name": 
"http://advisories.mageia.org/MGASA-2014-0503.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0503.html" + }, + { + "name": "71150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71150" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8799.json b/2014/8xxx/CVE-2014-8799.json index 3360f478dcc..5afdcc3fca5 100644 --- a/2014/8xxx/CVE-2014-8799.json +++ b/2014/8xxx/CVE-2014-8799.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35346", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35346" - }, - { - "name" : "http://security.szurek.pl/dukapress-252-path-traversal.html", - "refsource" : "MISC", - "url" : "http://security.szurek.pl/dukapress-252-path-traversal.html" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1024640/dukapress", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1024640/dukapress" - }, - { - "name" : "https://wordpress.org/plugins/dukapress/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/dukapress/changelog/" - }, - { - "name" : 
"dukapress-cve20148799-dir-traversal(98943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/dukapress/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/dukapress/changelog/" + }, + { + "name": "http://security.szurek.pl/dukapress-252-path-traversal.html", + "refsource": "MISC", + "url": "http://security.szurek.pl/dukapress-252-path-traversal.html" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1024640/dukapress", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1024640/dukapress" + }, + { + "name": "35346", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35346" + }, + { + "name": "dukapress-cve20148799-dir-traversal(98943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98943" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8859.json b/2014/8xxx/CVE-2014-8859.json index 32a80487794..a207e824bf2 100644 --- a/2014/8xxx/CVE-2014-8859.json +++ b/2014/8xxx/CVE-2014-8859.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8859", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8859", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9828.json b/2014/9xxx/CVE-2014-9828.json index 31aafbb1338..5a998eae8c0 100644 --- a/2014/9xxx/CVE-2014-9828.json +++ b/2014/9xxx/CVE-2014-9828.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343484", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343484", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343484" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2169.json b/2016/2xxx/CVE-2016-2169.json index 542bfc839a8..d78a658170e 100644 --- a/2016/2xxx/CVE-2016-2169.json +++ b/2016/2xxx/CVE-2016-2169.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2016-03-23T00:00:00", - "ID" : "CVE-2016-2169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Controller", - "version" : { - "version_data" : [ - { - "version_value" : "capi-release prior to 1.0.0, cf-release prior to v237" - } - ] - } - } - ] - }, - "vendor_name" : "Cloud Foundry" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Business logic" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2016-03-23T00:00:00", + "ID": "CVE-2016-2169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Controller", + "version": { + "version_data": [ + { + "version_value": "capi-release prior to 1.0.0, cf-release prior to v237" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Foundry" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cloudfoundry/cloud_controller_ng/issues/568", - "refsource" : "CONFIRM", - "url" : "https://github.com/cloudfoundry/cloud_controller_ng/issues/568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry Cloud Controller, 
capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Business logic" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cloudfoundry/cloud_controller_ng/issues/568", + "refsource": "CONFIRM", + "url": "https://github.com/cloudfoundry/cloud_controller_ng/issues/568" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2471.json b/2016/2xxx/CVE-2016-2471.json index 9977328c781..f9af590b633 100644 --- a/2016/2xxx/CVE-2016-2471.json +++ b/2016/2xxx/CVE-2016-2471.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2644.json b/2016/2xxx/CVE-2016-2644.json index 7b8fd750076..1da9f2ed2f9 100644 --- a/2016/2xxx/CVE-2016-2644.json +++ b/2016/2xxx/CVE-2016-2644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2644", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2644", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2898.json b/2016/2xxx/CVE-2016-2898.json index 6096b482d99..84c32f51761 100644 --- a/2016/2xxx/CVE-2016-2898.json +++ b/2016/2xxx/CVE-2016-2898.json 
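Review bot: The new side of CVE-2016-2471.json still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and a problemtype value of `"n/a"`, although the description in the same record names the Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices and a privilege gain. Tooling that matches records through the `affects` tree cannot associate this entry with an installed product and has to fall back to parsing the free-text description. If the assigner can supply it, the structured fields could be filled from the description, for example `"product_name": "Android"` with `"version_value": "before 2016-06-01"`. Separately, the `ASSIGNER` change from `cve@mitre.org` to `security@android.com` appears to be the only non-formatting change in this hunk, and the commit subject does not mention it; a line in the commit description would make the re-attribution easier to audit.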
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2992.json b/2016/2xxx/CVE-2016-2992.json index 206dc2129d7..9856f1c2708 100644 --- a/2016/2xxx/CVE-2016-2992.json +++ b/2016/2xxx/CVE-2016-2992.json 
@@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-2992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigInsights", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.0.1" - }, - { - "version_value" : "3.0.0.2" - }, - { - "version_value" : "1.1.0" - }, - { - "version_value" : "1.2.0" - }, - { - "version_value" : "1.3.0" - }, - { - "version_value" : "1.4.0" - }, - { - "version_value" : "2.0.0" - }, - { - "version_value" : "2.1.0" - }, - { - "version_value" : "2.1.1" - }, - { - "version_value" : "2.1.2" - }, - { - "version_value" : "4.0.0" - }, - { - "version_value" : "4.1.0" - }, - { - "version_value" : "4.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigInsights", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.0.1" + }, + { + "version_value": "3.0.0.2" + }, + { + "version_value": "1.1.0" + }, + { + "version_value": "1.2.0" + }, + { + "version_value": "1.3.0" + }, + { + "version_value": "1.4.0" + }, + { + "version_value": "2.0.0" + }, + { + "version_value": "2.1.0" + }, + { + "version_value": "2.1.1" + }, + { + "version_value": "2.1.2" + }, + { + "version_value": "4.0.0" + }, + { + "version_value": "4.1.0" + }, + { + "version_value": "4.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21987499", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21987499" - }, - { - "name" : "95979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95979" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21987499", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21987499" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6610.json b/2016/6xxx/CVE-2016-6610.json index eb9997c3e26..af07dc09493 100644 --- a/2016/6xxx/CVE-2016-6610.json +++ b/2016/6xxx/CVE-2016-6610.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-33", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-33" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "94118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A full path disclosure vulnerability was discovered in phpMyAdmin where a user 
can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-33", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-33" + }, + { + "name": "94118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94118" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6886.json b/2016/6xxx/CVE-2016-6886.json index eb7d15fd872..43f3325c6a3 100644 --- a/2016/6xxx/CVE-2016-6886.json +++ b/2016/6xxx/CVE-2016-6886.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html" - }, - { - "name" : "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4", - "refsource" : "CONFIRM", - "url" : "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4" - }, - { - "name" : "92604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pstm_reverse function in MatrixSSL 
before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4", + "refsource": "CONFIRM", + "url": "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4" + }, + { + "name": "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html" + }, + { + "name": "92604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92604" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18351.json b/2017/18xxx/CVE-2017-18351.json index 5a7ef93b7bb..96c1f6a1025 100644 --- a/2017/18xxx/CVE-2017-18351.json +++ b/2017/18xxx/CVE-2017-18351.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5005.json b/2017/5xxx/CVE-2017-5005.json index 60d8f3edb95..5144dabaf98 100644 --- a/2017/5xxx/CVE-2017-5005.json +++ b/2017/5xxx/CVE-2017-5005.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/payatu/QuickHeal", - "refsource" : "MISC", - "url" : "https://github.com/payatu/QuickHeal" - }, - { - "name" : "https://www.youtube.com/watch?v=h9LOsv4XE00", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=h9LOsv4XE00" - }, - { - "name" : "95194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95194" - }, - { - "name" : "1037547", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95194" + }, + { + "name": "1037547", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037547" + }, + { + "name": "https://www.youtube.com/watch?v=h9LOsv4XE00", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=h9LOsv4XE00" + }, + { + "name": "https://github.com/payatu/QuickHeal", + "refsource": "MISC", + "url": "https://github.com/payatu/QuickHeal" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5163.json b/2017/5xxx/CVE-2017-5163.json index c36c64d1b3f..a85f7bf09fc 100644 --- a/2017/5xxx/CVE-2017-5163.json +++ b/2017/5xxx/CVE-2017-5163.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Belden Hirschmann GECKO 2.0.00 and prior", - "version" : { - "version_data" : [ - { - "version_value" : "Belden Hirschmann GECKO 2.0.00 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Belden Hirschmann GECKO path traversal" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Belden Hirschmann GECKO 2.0.00 and prior", + "version": { + "version_data": [ + { + "version_value": "Belden Hirschmann GECKO 2.0.00 and prior" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02" - }, - { - "name" : "95815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Belden Hirschmann GECKO path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95815" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02" + } + ] + } +} \ No newline at end of file