diff --git a/2006/0xxx/CVE-2006-0179.json b/2006/0xxx/CVE-2006-0179.json index 0d7fd1dcea9..8306aa592f1 100644 --- a/2006/0xxx/CVE-2006-0179.json +++ b/2006/0xxx/CVE-2006-0179.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1411", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1411" - }, - { - "name" : "20060113 Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl" - }, - { - "name" : "16200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16200" - }, - { - "name" : "ADV-2006-0202", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0202" - }, - { - "name" : "22469", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22469" - }, - { - "name" : "1015488", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015488" - }, - { - "name" : "18479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18479" - }, - { - "name" : "cisco-ipphone-synflood-dos(24117)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-ipphone-synflood-dos(24117)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24117" + }, + { + "name": "22469", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22469" + }, + { + "name": "ADV-2006-0202", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0202" + }, + { + "name": "20060113 Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml" + }, + { + "name": "1015488", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015488" + }, + { + "name": "18479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18479" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl" + }, + { + "name": "1411", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1411" + }, + { + "name": "16200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16200" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0345.json b/2006/0xxx/CVE-2006-0345.json index 8fdb8d71fb5..06d56f073f6 100644 --- a/2006/0xxx/CVE-2006-0345.json +++ b/2006/0xxx/CVE-2006-0345.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060118 [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-01/0372.html" - }, - { - "name" : "http://evuln.com/vulns/40/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/40/summary.html" - }, - { - "name" : "16306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16306" - }, - { - "name" : "22740", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22740" - }, - { - "name" : "1015517", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015517" - }, - { - "name" : "saralblog-search-sql-injection(24218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16306" + }, + { + "name": "22740", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22740" + }, + { + "name": "1015517", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015517" + }, + { + "name": "saralblog-search-sql-injection(24218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24218" + }, + { + "name": "20060118 [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0372.html" + }, + { + "name": "http://evuln.com/vulns/40/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/40/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0680.json b/2006/0xxx/CVE-2006-0680.json index 6bfe5c097a3..9ca2386dea9 100644 --- a/2006/0xxx/CVE-2006-0680.json +++ b/2006/0xxx/CVE-2006-0680.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.plainblack.com/getwebgui/advisories/webgui-6.8.6-gamma-released", - "refsource" : "CONFIRM", - "url" : "http://www.plainblack.com/getwebgui/advisories/webgui-6.8.6-gamma-released" - }, - { - "name" : "16612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16612" - }, - { - "name" : "ADV-2006-0541", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0541" - }, - { - "name" : "18819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18819" - }, - { - "name" : "webgui-anonymous-bypass-security(24695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18819" + }, + { + "name": "http://www.plainblack.com/getwebgui/advisories/webgui-6.8.6-gamma-released", + "refsource": "CONFIRM", + "url": "http://www.plainblack.com/getwebgui/advisories/webgui-6.8.6-gamma-released" + }, + { + "name": "16612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16612" + }, + { + "name": "webgui-anonymous-bypass-security(24695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24695" + }, + { + "name": "ADV-2006-0541", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0541" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3508.json b/2006/3xxx/CVE-2006-3508.json index a07364723e9..d9deac9f150 100644 --- a/2006/3xxx/CVE-2006-3508.json +++ b/2006/3xxx/CVE-2006-3508.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-09-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html" - }, - { - "name" : "VU#589540", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/589540" - }, - { - "name" : "20144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20144" - }, - { - "name" : "ADV-2006-3737", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3737" - }, - { - "name" : "1016903", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016903" - }, - { - "name" : "22068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22068" + }, + { + "name": "ADV-2006-3737", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3737" + }, + { + "name": "APPLE-SA-2006-09-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html" + }, + { + "name": "VU#589540", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/589540" + }, + { + "name": "1016903", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016903" + }, + { + "name": "20144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20144" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3887.json b/2006/3xxx/CVE-2006-3887.json index aa393cbb766..7be4ee1a264 100644 --- a/2006/3xxx/CVE-2006-3887.json +++ b/2006/3xxx/CVE-2006-3887.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2006-3887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8" - }, - { - "name" : "VU#154641", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/154641" - }, - { - "name" : "20425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20425" - }, - { - "name" : "ADV-2006-3967", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3967" - }, - { - "name" : "1017024", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017024" - }, - { - "name" : "22304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22304" - }, - { - "name" : "aol-ygp-screensaver-bo(29411)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3967", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3967" + }, + { + "name": "VU#154641", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/154641" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8" + }, + { + "name": "aol-ygp-screensaver-bo(29411)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29411" + }, + { + "name": "1017024", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017024" + }, + { + "name": "20425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20425" + }, + { + "name": "22304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22304" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4035.json b/2006/4xxx/CVE-2006-4035.json index 74bd6b36547..190abc38283 100644 --- a/2006/4xxx/CVE-2006-4035.json +++ b/2006/4xxx/CVE-2006-4035.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060803 CounterChaos <= 0.48c SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-08/0080.html" - }, - { - "name" : "http://www.frsirt.com/english/reference/17541", - "refsource" : "MISC", - "url" : "http://www.frsirt.com/english/reference/17541" - }, - { - "name" : "19344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19344" - }, - { - "name" : "ADV-2006-3153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3153" - }, - { - "name" : "21356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21356" - }, - { - "name" : "1350", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1350" - }, - { - "name" : "counterchaos-counterchaos-sql-injection(28222)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "counterchaos-counterchaos-sql-injection(28222)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28222" + }, + { + "name": "1350", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1350" + }, + { + "name": "http://www.frsirt.com/english/reference/17541", + "refsource": "MISC", + "url": "http://www.frsirt.com/english/reference/17541" + }, + { + "name": "20060803 CounterChaos <= 0.48c SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0080.html" + }, + { + "name": "ADV-2006-3153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3153" + }, + { + "name": "19344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19344" + }, + { + "name": "21356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21356" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4041.json b/2006/4xxx/CVE-2006-4041.json index 205d59f1f62..d946024f4b0 100644 --- a/2006/4xxx/CVE-2006-4041.json +++ b/2006/4xxx/CVE-2006-4041.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pike.ida.liu.se/download/notes/7.6.86.xml", - "refsource" : "CONFIRM", - "url" : "http://pike.ida.liu.se/download/notes/7.6.86.xml" - }, - { - "name" : "GLSA-200608-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-10.xml" - }, - { - "name" : "USN-367-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-367-1" - }, - { - "name" : "19367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19367" - }, - { - "name" : "ADV-2006-2209", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2209" - }, - { - "name" : "20494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20494" - }, - { - "name" : "21362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21362" - }, - { - "name" : "22481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22481" - }, - { - "name" : "pike-sql-injection(26992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200608-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-10.xml" + }, + { + "name": "20494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20494" + }, + { + "name": "19367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19367" + }, + { + "name": "USN-367-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-367-1" + }, + { + "name": "21362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21362" + }, + { + "name": "22481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22481" + }, + { + "name": "ADV-2006-2209", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2209" + }, + { + "name": "pike-sql-injection(26992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26992" + }, + { + "name": "http://pike.ida.liu.se/download/notes/7.6.86.xml", + "refsource": "CONFIRM", + "url": "http://pike.ida.liu.se/download/notes/7.6.86.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4139.json b/2006/4xxx/CVE-2006-4139.json index f2b8c9f9448..92826fdf84b 100644 --- a/2006/4xxx/CVE-2006-4139.json +++ b/2006/4xxx/CVE-2006-4139.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102569", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102569-1" - }, - { - "name" : "19493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19493" - }, - { - "name" : "ADV-2006-3274", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3274" - }, - { - "name" : "1016690", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016690" - }, - { - "name" : "21471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21471" - }, - { - "name" : "solaris-netstatifconfig-race-condition-dos(28373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19493" + }, + { + "name": "ADV-2006-3274", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3274" + }, + { + "name": "1016690", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016690" + }, + { + "name": "21471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21471" + }, + { + "name": "102569", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102569-1" + }, + { + "name": "solaris-netstatifconfig-race-condition-dos(28373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28373" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2483.json b/2010/2xxx/CVE-2010-2483.json index 074753ae7a2..73c30a9eeba 100644 --- a/2010/2xxx/CVE-2010-2483.json +++ b/2010/2xxx/CVE-2010-2483.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100623 CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127731610612908&w=2" - }, - { - "name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127738540902757&w=2" - }, - { - "name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127736307002102&w=2" - }, - { - "name" : "[oss-security] 20100629 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127781315415896&w=2" - }, - { - "name" : "[oss-security] 20100630 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/30/22" - }, - { - "name" : "[oss-security] 20100701 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127797353202873&w=2" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2216", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2216" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=603081", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=603081" - }, - { - "name" : "GLSA-201209-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" - }, - { - "name" : "RHSA-2010:0519", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0519.html" - }, - { - "name" : "40422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40422" - }, - { - "name" : "40527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40527" - }, - { - "name" : "50726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50726" - }, - { - "name" : "ADV-2010-1761", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605" + }, + { + "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127736307002102&w=2" + }, + { + "name": "40527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40527" + }, + { + "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127781315415896&w=2" + }, + { + "name": "[oss-security] 20100623 CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2" + }, + { + "name": "ADV-2010-1761", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1761" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2216", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2216" + }, + { + "name": "GLSA-201209-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + }, + { + "name": "RHSA-2010:0519", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html" + }, + { + "name": "40422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40422" + }, + { + "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127738540902757&w=2" + }, + { + "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2" + }, + { + "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22" + }, + { + "name": "50726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50726" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=603081", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603081" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2760.json b/2010/2xxx/CVE-2010-2760.json index a049f260be0..a9ee8996c7d 100644 --- a/2010/2xxx/CVE-2010-2760.json +++ b/2010/2xxx/CVE-2010-2760.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a \"dangling pointer vulnerability.\" NOTE: this issue exists because of an incomplete fix for CVE-2010-2753." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-54.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-54.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=585815", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=585815" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100110210", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100110210" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100112690", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100112690" - }, - { - "name" : "DSA-2106", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2106" - }, - { - "name" : "FEDORA-2010-14362", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" - }, - { - "name" : "MDVSA-2010:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:11799", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11799" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - }, - { - "name" : "mozilla-nstreeselection-code-execution(61660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a \"dangling pointer vulnerability.\" NOTE: this issue exists because of an incomplete fix for CVE-2010-2753." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mozilla-nstreeselection-code-execution(61660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61660" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=585815", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=585815" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-54.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-54.html" + }, + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "FEDORA-2010-14362", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100110210", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100110210" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100112690", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100112690" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "MDVSA-2010:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "DSA-2106", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2106" + }, + { + "name": "oval:org.mitre.oval:def:11799", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11799" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2772.json b/2010/2xxx/CVE-2010-2772.json index 212b9fd13d8..7c7f335cc0d 100644 --- a/2010/2xxx/CVE-2010-2772.json +++ b/2010/2xxx/CVE-2010-2772.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725", - "refsource" : "MISC", - "url" : "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725" - }, - { - "name" : "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr", - "refsource" : "MISC", - "url" : "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr" - }, - { - "name" : "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/", - "refsource" : "MISC", - "url" : "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/" - }, - { - "name" : "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1", - "refsource" : "MISC", - "url" : "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1" - }, - { - "name" : "http://www.wired.com/threatlevel/2010/07/siemens-scada/", - "refsource" : "MISC", - "url" : "http://www.wired.com/threatlevel/2010/07/siemens-scada/" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001987.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001987.html" - }, - { - "name" : "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22", - "refsource" : "MISC", - "url" : "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01" - }, - { - "name" : "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx" - }, - { - "name" : "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c", - "refsource" : "CONFIRM", - "url" : "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c" - }, - { - "name" : "41753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41753" - }, - { - "name" : "40682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40682" - }, - { - "name" : "ADV-2010-1893", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1893" - }, - { - "name" : "simatic-wincc-default-password(60587)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simatic-wincc-default-password(60587)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60587" + }, + { + "name": "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr", + "refsource": "MISC", + "url": "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr" + }, + { + "name": "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c", + "refsource": "CONFIRM", + "url": "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001987.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001987.html" + }, + { + "name": "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1", + "refsource": "MISC", + "url": "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1" + }, + { + "name": "ADV-2010-1893", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1893" + }, + { + "name": "40682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40682" + }, + { + "name": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/", + "refsource": "MISC", + "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/" + }, + { + "name": "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx", + "refsource": "CONFIRM", + "url": "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx" + }, + { + "name": "41753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41753" + }, + { + "name": "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725", + "refsource": "MISC", + "url": "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725" + }, + { + "name": "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22", + "refsource": "MISC", + "url": "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22" + }, + { + "name": "http://www.wired.com/threatlevel/2010/07/siemens-scada/", + "refsource": "MISC", + "url": "http://www.wired.com/threatlevel/2010/07/siemens-scada/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2797.json b/2010/2xxx/CVE-2010-2797.json index ca87a6ebd99..30f6ea2fb3c 100644 --- a/2010/2xxx/CVE-2010-2797.json +++ b/2010/2xxx/CVE-2010-2797.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100802 CVE request: cmsmadesimple < 1.8.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/01/2" - }, - { - "name" : "[oss-security] 20100802 Re: CVE request: cmsmadesimple < 1.8.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/02/8" - }, - { - "name" : "http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html" - }, - { - "name" : "http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/", - "refsource" : "CONFIRM", - "url" : "http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/" - }, - { - "name" : "40031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/", + "refsource": "CONFIRM", + "url": "http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/" + }, + { + "name": "[oss-security] 20100802 CVE request: cmsmadesimple < 1.8.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/01/2" + }, + { + "name": "40031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40031" + }, + { + "name": "http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html" + }, + { + "name": "[oss-security] 20100802 Re: CVE request: cmsmadesimple < 1.8.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/02/8" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2983.json b/2010/2xxx/CVE-2010-2983.json index 63ac5a43da5..dbb0a30b8e6 100644 --- a/2010/2xxx/CVE-2010-2983.json +++ b/2010/2xxx/CVE-2010-2983.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an \"EAPoL logoff attack,\" aka Bug ID CSCte43374." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an \"EAPoL logoff attack,\" aka Bug ID CSCte43374." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3402.json b/2010/3xxx/CVE-2010-3402.json index 10c4b60821c..eb94ed7583e 100644 --- a/2010/3xxx/CVE-2010-3402.json +++ b/2010/3xxx/CVE-2010-3402.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100912 UltraEdit Text Editor version 16.10.0.1036 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0227.html" - }, - { - "name" : "43183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43183" - }, - { - "name" : "67995", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67995" - }, - { - "name" : "41403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43183" + }, + { + "name": "67995", + "refsource": "OSVDB", + "url": "http://osvdb.org/67995" + }, + { + "name": "41403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41403" + }, + { + "name": "20100912 UltraEdit Text Editor version 16.10.0.1036 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0227.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3656.json b/2010/3xxx/CVE-2010-3656.json index bfbb05c1d4f..61249380c58 100644 --- a/2010/3xxx/CVE-2010-3656.json +++ b/2010/3xxx/CVE-2010-3656.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7484", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7484" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "oval:org.mitre.oval:def:7484", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7484" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3832.json b/2010/3xxx/CVE-2010-3832.json index ba5564613fa..a8f78ceffde 100644 --- a/2010/3xxx/CVE-2010-3832.json +++ b/2010/3xxx/CVE-2010-3832.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "1024770", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024770" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "appleios-tmsi-bo(63421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "appleios-tmsi-bo(63421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63421" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "1024770", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024770" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3929.json b/2010/3xxx/CVE-2010-3929.json index f2fa50afda9..a1a0057e762 100644 --- a/2010/3xxx/CVE-2010-3929.json +++ b/2010/3xxx/CVE-2010-3929.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://modxcms.com/forums/index.php/topic,60045.0.html", - "refsource" : "CONFIRM", - "url" : "http://modxcms.com/forums/index.php/topic,60045.0.html" - }, - { - "name" : "JVN#54092716", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN54092716/index.html" - }, - { - "name" : "JVNDB-2011-000008", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000008.html" - }, - { - "name" : "70771", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70771" - }, - { - "name" : "modx-evolution-unspec-sql-injection(65082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "modx-evolution-unspec-sql-injection(65082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65082" + }, + { + "name": "JVN#54092716", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN54092716/index.html" + }, + { + "name": "JVNDB-2011-000008", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000008.html" + }, + { + "name": "70771", + "refsource": "OSVDB", + "url": "http://osvdb.org/70771" + }, + { + "name": "http://modxcms.com/forums/index.php/topic,60045.0.html", + "refsource": "CONFIRM", + "url": "http://modxcms.com/forums/index.php/topic,60045.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0215.json b/2011/0xxx/CVE-2011-0215.json index 46eaf2cd3e4..30a22ad9961 100644 --- a/2011/0xxx/CVE-2011-0215.json +++ b/2011/0xxx/CVE-2011-0215.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1376.json b/2011/1xxx/CVE-2011-1376.json index 39ffbc99a64..beffe414ccd 100644 --- a/2011/1xxx/CVE-2011-1376.json +++ b/2011/1xxx/CVE-2011-1376.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21569205", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21569205" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24031675", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24031675" - }, - { - "name" : "PM49712", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM49712" - }, - { - "name" : "was-iscdeploy-insecure-permissions(71230)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21569205", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21569205" + }, + { + "name": "was-iscdeploy-insecure-permissions(71230)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71230" + }, + { + "name": "PM49712", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM49712" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24031675", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24031675" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1584.json b/2011/1xxx/CVE-2011-1584.json index 736a3588af0..d35fe9b1176 100644 --- a/2011/1xxx/CVE-2011-1584.json +++ b/2011/1xxx/CVE-2011-1584.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110413 CVE request: dotclear before 2.2.3", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/13/19" - }, - { - "name" : "[oss-security] 20110414 Re: CVE request: dotclear before 2.2.3", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/14/8" - }, - { - "name" : "[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/15/11" - }, - { - "name" : "[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/15/7" - }, - { - "name" : "http://dev.dotclear.org/2.0/changeset/2:3427", - "refsource" : "MISC", - "url" : "http://dev.dotclear.org/2.0/changeset/2:3427" - }, - { - "name" : "http://www.arcabit.com/english/home/a-flaw-in-dotclear", - "refsource" : "MISC", - "url" : "http://www.arcabit.com/english/home/a-flaw-in-dotclear" - }, - { - "name" : "http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3", - "refsource" : "CONFIRM", - "url" : "http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3" - }, - { - "name" : "http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3", - "refsource" : "CONFIRM", - "url" : "http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3" - }, - { - "name" : "44049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110413 CVE request: dotclear before 2.2.3", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/13/19" + }, + { + "name": "[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/15/7" + }, + { + "name": "[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/15/11" + }, + { + "name": "http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3", + "refsource": "CONFIRM", + "url": "http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3" + }, + { + "name": "http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3", + "refsource": "CONFIRM", + "url": "http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3" + }, + { + "name": "http://www.arcabit.com/english/home/a-flaw-in-dotclear", + "refsource": "MISC", + "url": "http://www.arcabit.com/english/home/a-flaw-in-dotclear" + }, + { + "name": "http://dev.dotclear.org/2.0/changeset/2:3427", + "refsource": "MISC", + "url": "http://dev.dotclear.org/2.0/changeset/2:3427" + }, + { + "name": "44049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44049" + }, + { + "name": "[oss-security] 20110414 Re: CVE request: dotclear before 2.2.3", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/14/8" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3101.json b/2014/3xxx/CVE-2014-3101.json index 5e4dab33025..bca25db9b4e 100644 --- a/2014/3xxx/CVE-2014-3101.json +++ b/2014/3xxx/CVE-2014-3101.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682946", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682946" - }, - { - "name" : "1030884", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030884" - }, - { - "name" : "ibm-clearquest-cve20143101-bruteforce(94268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-clearquest-cve20143101-bruteforce(94268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946" + }, + { + "name": "1030884", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030884" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3659.json b/2014/3xxx/CVE-2014-3659.json index e18b86cb536..35fdad3df85 100644 --- a/2014/3xxx/CVE-2014-3659.json +++ b/2014/3xxx/CVE-2014-3659.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3659", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE assignments. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3659", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE assignments. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6910.json b/2014/6xxx/CVE-2014-6910.json index 8dabe49d0b4..a2fae507bc9 100644 --- a/2014/6xxx/CVE-2014-6910.json +++ b/2014/6xxx/CVE-2014-6910.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application 1.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#805137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/805137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application 1.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#805137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/805137" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6989.json b/2014/6xxx/CVE-2014-6989.json index aa8682b9abf..3035b95a672 100644 --- a/2014/6xxx/CVE-2014-6989.json +++ b/2014/6xxx/CVE-2014-6989.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Germanwings (aka com.germanwings.android) application 2.1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#307321", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/307321" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Germanwings (aka com.germanwings.android) application 2.1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#307321", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/307321" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7059.json b/2014/7xxx/CVE-2014-7059.json index 89b46458a83..0963801e9bd 100644 --- a/2014/7xxx/CVE-2014-7059.json +++ b/2014/7xxx/CVE-2014-7059.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#119617", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/119617" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#119617", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/119617" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7683.json b/2014/7xxx/CVE-2014-7683.json index 8fb7f836946..579643808a7 100644 --- a/2014/7xxx/CVE-2014-7683.json +++ b/2014/7xxx/CVE-2014-7683.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#424537", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/424537" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#424537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/424537" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7934.json b/2014/7xxx/CVE-2014-7934.json index 163aa0b1f69..231e39436ae 100644 --- a/2014/7xxx/CVE-2014-7934.json +++ b/2014/7xxx/CVE-2014-7934.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=427249", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=427249" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=185504&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=185504&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=185598&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=185598&view=revision" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=185504&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=185504&view=revision" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=185598&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=185598&view=revision" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=427249", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=427249" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8696.json b/2014/8xxx/CVE-2014-8696.json index f859eeab79d..deeaa212805 100644 --- a/2014/8xxx/CVE-2014-8696.json +++ b/2014/8xxx/CVE-2014-8696.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8696", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8696", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8925.json b/2014/8xxx/CVE-2014-8925.json index cfdda18281c..44511d4b302 100644 --- a/2014/8xxx/CVE-2014-8925.json +++ b/2014/8xxx/CVE-2014-8925.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699148", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9459.json b/2014/9xxx/CVE-2014-9459.json index 945f5e67e55..27ec7f0d59a 100644 --- a/2014/9xxx/CVE-2014-9459.json +++ b/2014/9xxx/CVE-2014-9459.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141229 CSRF vulnerability in CMS e107 v.2 alpha2", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/124" - }, - { - "name" : "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html" - }, - { - "name" : "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html" - }, - { - "name" : "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080", - "refsource" : "CONFIRM", - "url" : "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html" + }, + { + "name": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html" + }, + { + "name": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080", + "refsource": "CONFIRM", + "url": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080" + }, + { + "name": "20141229 CSRF vulnerability in CMS e107 v.2 alpha2", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/124" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2072.json b/2016/2xxx/CVE-2016-2072.json index 5a098a724d4..e9f5b91c77c 100644 --- a/2016/2xxx/CVE-2016-2072.json +++ b/2016/2xxx/CVE-2016-2072.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX206001", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX206001" - }, - { - "name" : "1035098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035098" + }, + { + "name": "http://support.citrix.com/article/CTX206001", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX206001" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6010.json b/2016/6xxx/CVE-2016-6010.json index 984b1fb36ae..13200e498e7 100644 --- a/2016/6xxx/CVE-2016-6010.json +++ b/2016/6xxx/CVE-2016-6010.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6010", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6010", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6359.json b/2016/6xxx/CVE-2016-6359.json index e295d52de38..bbacb2f9e3c 100644 --- a/2016/6xxx/CVE-2016-6359.json +++ b/2016/6xxx/CVE-2016-6359.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160817 Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch" - }, - { - "name" : "92516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160817 Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch" + }, + { + "name": "92516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92516" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18038.json b/2017/18xxx/CVE-2017-18038.json index 19918fba221..d902c1f82a7 100644 --- a/2017/18xxx/CVE-2017-18038.json +++ b/2017/18xxx/CVE-2017-18038.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-02-02T00:00:00", - "ID" : "CVE-2017-18038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bitbucket Server", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 5.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-02-02T00:00:00", + "ID": "CVE-2017-18038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "prior to 5.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/BSERV-10592", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/BSERV-10592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/BSERV-10592", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/BSERV-10592" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5361.json b/2017/5xxx/CVE-2017-5361.json index fba677eed3e..25caaf8da22 100644 --- a/2017/5xxx/CVE-2017-5361.json +++ b/2017/5xxx/CVE-2017-5361.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", - "refsource" : "CONFIRM", - "url" : "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" - }, - { - "name" : "DSA-3882", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3882" - }, - { - "name" : "DSA-3883", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3883", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3883" + }, + { + "name": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", + "refsource": "CONFIRM", + "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" + }, + { + "name": "DSA-3882", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3882" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5465.json b/2017/5xxx/CVE-2017-5465.json index 5832bb0e8d8..10f0d93ffac 100644 --- a/2017/5xxx/CVE-2017-5465.json +++ b/2017/5xxx/CVE-2017-5465.json @@ -1,144 +1,144 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read in ConvolvePixel" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42072", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42072/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "RHSA-2017:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read in ConvolvePixel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "42072", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42072/" + }, + { + "name": "DSA-3831", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "RHSA-2017:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5471.json b/2017/5xxx/CVE-2017-5471.json index 6015a5b62bc..da436ed963a 100644 --- a/2017/5xxx/CVE-2017-5471.json +++ b/2017/5xxx/CVE-2017-5471.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "54" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 54" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "54" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" - }, - { - "name" : "99042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99042" - }, - { - "name" : "1038689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 54" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99042" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/" + }, + { + "name": "1038689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038689" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069" + } + ] + } +} \ No newline at end of file