diff --git a/2006/0xxx/CVE-2006-0207.json b/2006/0xxx/CVE-2006-0207.json
index 86ea697631d..8237f6bc575 100644
--- a/2006/0xxx/CVE-2006-0207.json
+++ b/2006/0xxx/CVE-2006-0207.json
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hardened-php.net/advisory_012006.112.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_012006.112.html" - }, - { - "name" : "http://www.php.net/release_5_1_2.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_5_1_2.php" - }, - { - "name" : "DSA-1331", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1331" - }, - { - "name" : "GLSA-200603-22", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml" - }, - { - "name" : "MDKSA-2006:028", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:028" - }, - { - "name" : 
"SUSE-SR:2006:004", - "refsource" : "SUSE", - "url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html" - }, - { - "name" : "USN-261-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/261-1/" - }, - { - "name" : "16220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16220" - }, - { - "name" : "ADV-2006-0177", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0177" - }, - { - "name" : "ADV-2006-0369", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0369" - }, - { - "name" : "1015484", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015484" - }, - { - "name" : "18431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18431" - }, - { - "name" : "18697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18697" - }, - { - "name" : "19179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19179" - }, - { - "name" : "19355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19355" - }, - { - "name" : "19012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19012" - }, - { - "name" : "25945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25945" - }, - { - "name" : "php-session-response-splitting(24094)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19355" + }, + { + "name": "1015484", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015484" + }, + { + "name": "USN-261-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/261-1/" + }, + { + "name": "SUSE-SR:2006:004", + "refsource": "SUSE", + "url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html" + }, + { + "name": "18431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18431" + }, + { + "name": "ADV-2006-0369", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0369" + }, + { + "name": "ADV-2006-0177", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0177" + }, + { + "name": "19179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19179" + }, + { + "name": "http://www.hardened-php.net/advisory_012006.112.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_012006.112.html" + }, + { + "name": "GLSA-200603-22", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml" + }, + { + "name": "DSA-1331", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1331" + }, + { + "name": "18697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18697" + }, + { + "name": "php-session-response-splitting(24094)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24094" + }, + { + "name": "25945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25945" + }, + { + "name": "MDKSA-2006:028", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:028" + }, + { + "name": 
"http://www.php.net/release_5_1_2.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_5_1_2.php" + }, + { + "name": "19012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19012" + }, + { + "name": "16220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16220" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0415.json b/2006/0xxx/CVE-2006-0415.json index f8350f993ea..3031030ebbe 100644 --- a/2006/0xxx/CVE-2006-0415.json +++ b/2006/0xxx/CVE-2006-0415.json 
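Review bot: The `reference_data` entries are written back in a different order with no visible sort key: the old list starts with the hardened-php `MISC` link and the new one with `SECUNIA` `19355`. The new file also ends with `\ No newline at end of file`. The same pattern appears in the hunks for CVE-2006-0415, CVE-2006-3153, CVE-2006-3226, CVE-2006-3672, CVE-2006-3741 and CVE-2006-4752. Since the record content here is otherwise unchanged, an unstable array order turns every regeneration into a whole-file diff and makes a real value change hard to spot in review. Emitting the references in a fixed order (the original order, or sorted by `refsource` then `name`) and ending the file with a newline would keep later diffs limited to actual data changes.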
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16363" - }, - { - "name" : "22784", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22784" - }, - { - "name" : "1015525", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015525" - }, - { - "name" : "sleeperchat-index-xss(24300)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML 
via the pseudo parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22784", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22784" + }, + { + "name": "sleeperchat-index-xss(24300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24300" + }, + { + "name": "1015525", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015525" + }, + { + "name": "16363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16363" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3153.json b/2006/3xxx/CVE-2006-3153.json index 48fa7dc716f..306193dd469 100644 --- a/2006/3xxx/CVE-2006-3153.json +++ b/2006/3xxx/CVE-2006-3153.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html" - }, - { - "name" : "18573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18573" - }, - { - "name" : "ADV-2006-2475", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2475" - }, - { - "name" : "26741", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26741" - }, - { - "name" : "20761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20761" - }, - { - "name" : "ultimate-estate-index-xss(27274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27274" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ultimate-estate-index-xss(27274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27274" + }, + { + "name": "26741", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26741" + }, + { + "name": "ADV-2006-2475", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2475" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html" + }, + { + "name": "18573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18573" + }, + { + "name": "20761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20761" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3226.json b/2006/3xxx/CVE-2006-3226.json index 19c483b65d1..f1ba5cd2659 100644 --- a/2006/3xxx/CVE-2006-3226.json +++ b/2006/3xxx/CVE-2006-3226.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060623 Cisco Secure ACS Weak Session Management Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438161/100/0/threaded" - }, - { - "name" : "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438258/100/0/threaded" - }, - { - "name" : "20060623 Cisco Secure ACS Weak Session Management Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html" - }, - { - "name" : 
"18621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18621" - }, - { - "name" : "ADV-2006-2524", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2524" - }, - { - "name" : "26825", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26825" - }, - { - "name" : "1016369", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016369" - }, - { - "name" : "20816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20816" - }, - { - "name" : "1157", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1157" - }, - { - "name" : "cisco-acs-session-spoofing(27328)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016369", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016369" + }, + { + "name": "26825", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26825" + }, + { + "name": "1157", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1157" + }, + { + "name": "cisco-acs-session-spoofing(27328)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328" + }, + { + "name": "ADV-2006-2524", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/2524" + }, + { + "name": "20816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20816" + }, + { + "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded" + }, + { + "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html" + }, + { + "name": "18621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18621" + }, + { + "name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3672.json b/2006/3xxx/CVE-2006-3672.json index ffe56677cb1..686f9e3f23d 100644 --- a/2006/3xxx/CVE-2006-3672.json +++ b/2006/3xxx/CVE-2006-3672.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html" - }, - { - "name" : "MDKSA-2006:130", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:130" - }, - { - "name" : "USN-322-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-322-1" - }, - { - "name" : "18978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18978" - }, - { - "name" : "ADV-2006-2812", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2812" - }, - { - "name" : "27058", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27058" - }, - { - "name" : "konqueror-replacechild-dos(27744)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:130", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:130" + }, + { + "name": "27058", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27058" + }, + { + "name": "18978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18978" + }, + { + "name": "konqueror-replacechild-dos(27744)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27744" + }, + { + "name": "ADV-2006-2812", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2812" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html" + }, + { + "name": "USN-322-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-322-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3741.json b/2006/3xxx/CVE-2006-3741.json index 2be6ff55bf9..df3bd1f44ae 100644 
--- a/2006/3xxx/CVE-2006-3741.json
+++ b/2006/3xxx/CVE-2006-3741.json
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b8444d00762703e1b6146fce12ce2684885f8bf6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b8444d00762703e1b6146fce12ce2684885f8bf6" 
- }, - { - "name" : "DSA-1233", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1233" - }, - { - "name" : "MDKSA-2006:182", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:182" - }, - { - "name" : "MDKSA-2007:025", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" - }, - { - "name" : "RHSA-2006:0689", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "20361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20361" - }, - { - "name" : "oval:org.mitre.oval:def:11250", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11250" - }, - { - "name" : "ADV-2006-3937", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3937" - }, - { - "name" : "22279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22279" - }, - { - "name" : "22292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22292" - }, - { - "name" : "22382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22382" - }, - { - "name" : "22945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22945" - }, - { - "name" : "23370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23370" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - }, - { - "name" : "kernel-sysperfmon-dos(29384)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b8444d00762703e1b6146fce12ce2684885f8bf6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b8444d00762703e1b6146fce12ce2684885f8bf6" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360" + }, + { + "name": "MDKSA-2007:025", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" + }, + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "22279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22279" + }, + { + "name": "22292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22292" + }, + { + "name": "RHSA-2006:0689", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html" + }, + { + "name": "oval:org.mitre.oval:def:11250", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11250" + }, + { + "name": "MDKSA-2006:182", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:182" + }, + { + "name": "22382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22382" + }, + { + 
"name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "kernel-sysperfmon-dos(29384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29384" + }, + { + "name": "DSA-1233", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1233" + }, + { + "name": "23370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23370" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" + }, + { + "name": "22945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22945" + }, + { + "name": "ADV-2006-3937", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3937" + }, + { + "name": "20361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20361" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4752.json b/2006/4xxx/CVE-2006-4752.json index 6aec7ade37d..a1bb911075a 100644 --- a/2006/4xxx/CVE-2006-4752.json +++ b/2006/4xxx/CVE-2006-4752.json 
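Review bot: In `CVE_data_meta`, `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com`, and this is the only value change in a hunk that is otherwise key spacing and reference reordering. Nothing in the visible diff explains the reassignment, and it is easy to miss inside a 147-line rewrite. Consumers that attribute or route records by assigner would presumably see this entry move to a different CNA. It would be safer to land the `ASSIGNER` change in its own commit, or call it out in the commit message, so it can be checked against the assigning authority's records separately from the formatting pass.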
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060911 XHP CMS v0.5.1 Vuls Xss and Full path vuls", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445727/100/0/threaded" - }, - { - "name" : "ADV-2006-3560", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3560" - }, - { - "name" : "1016823", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016823" - }, - { - "name" : "21877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21877" - }, - { - "name" : "1565", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1565" - }, - { - "name" : "xhpcms-action-path-disclosure(28862)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3560", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3560" + }, + { + "name": "xhpcms-action-path-disclosure(28862)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28862" + }, + { + "name": "20060911 XHP CMS v0.5.1 Vuls Xss and Full path vuls", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445727/100/0/threaded" + }, + { + "name": "21877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21877" + }, + { + "name": "1016823", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016823" + }, + { + "name": "1565", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1565" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4782.json b/2006/4xxx/CVE-2006-4782.json index f7d6f333b5d..d60d1d5623e 100644 --- a/2006/4xxx/CVE-2006-4782.json +++ b/2006/4xxx/CVE-2006-4782.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2352", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2352" - }, - { - "name" : "http://cms.webspell.org/index.php?site=files&file=15", - "refsource" : "CONFIRM", - "url" : "http://cms.webspell.org/index.php?site=files&file=15" - }, - { - "name" : "19975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19975" - }, - { - "name" : "ADV-2006-3572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3572" - }, - { - "name" : "21881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21881" - }, - { - "name" : "webspell-login-authentication-bypass(28896)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webspell-login-authentication-bypass(28896)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28896" + }, + { + "name": "21881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21881" + }, + { + "name": "2352", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2352" + }, + { + "name": "19975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19975" + }, + { + "name": "ADV-2006-3572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3572" + }, + { + "name": "http://cms.webspell.org/index.php?site=files&file=15", + "refsource": "CONFIRM", + "url": "http://cms.webspell.org/index.php?site=files&file=15" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4838.json b/2006/4xxx/CVE-2006-4838.json index dff76c29461..6f04754d9ba 100644 --- a/2006/4xxx/CVE-2006-4838.json +++ b/2006/4xxx/CVE-2006-4838.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060914 DCP-Portal SE 6.0 multiple injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445996/100/0/threaded" - }, - { - "name" : "20024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20024" - }, - { - "name" : "1585", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in 
DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060914 DCP-Portal SE 6.0 multiple injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded" + }, + { + "name": "20024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20024" + }, + { + "name": "1585", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1585" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4850.json b/2006/4xxx/CVE-2006-4850.json index 81dc30898db..8d45857eca5 100644 --- a/2006/4xxx/CVE-2006-4850.json +++ b/2006/4xxx/CVE-2006-4850.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446113/100/0/threaded" - }, - { - "name" : "2372", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2372" - }, - { - "name" : "20037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20037" - }, - { - "name" : "ADV-2006-3642", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3642" - }, - { - "name" : "21965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21965" - }, - { - "name" : "1593", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1593" - }, - { - "name" : "bolinos-index-file-include(28991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20037" + }, + { + "name": "2372", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2372" + }, + { + "name": "1593", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1593" + }, + { + "name": "ADV-2006-3642", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3642" + }, + { + "name": "20060915 BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446113/100/0/threaded" + }, + { + "name": "21965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21965" + }, + { + "name": "bolinos-index-file-include(28991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28991" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6157.json b/2006/6xxx/CVE-2006-6157.json index 5c2cb00c6c2..385800a495a 100644 --- a/2006/6xxx/CVE-2006-6157.json +++ b/2006/6xxx/CVE-2006-6157.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061121 ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452231/100/100/threaded" - }, - { - "name" : "2822", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2822" - }, - { - "name" : "http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl", - "refsource" : "MISC", - "url" : "http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437", - "refsource" : "CONFIRM", - "url" : 
"http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437" - }, - { - "name" : "21237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21237" - }, - { - "name" : "ADV-2006-4663", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4663" - }, - { - "name" : "1017265", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017265" - }, - { - "name" : "23005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23005" - }, - { - "name" : "1925", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1925" - }, - { - "name" : "contentnow-index-sql-injection(30459)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1925", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1925" + }, + { + "name": "ADV-2006-4663", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4663" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437" + }, + { + "name": "1017265", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017265" + }, + { + "name": "2822", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2822" + }, + { + "name": "21237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21237" + }, + { + "name": "20061121 ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452231/100/100/threaded" + }, + { + "name": "23005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23005" + }, + { + "name": "http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl", + "refsource": "MISC", + "url": "http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl" + }, + { + "name": "contentnow-index-sql-injection(30459)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30459" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2001.json b/2010/2xxx/CVE-2010-2001.json index cdf132491ce..5911a3ad7d7 100644 --- a/2010/2xxx/CVE-2010-2001.json +++ b/2010/2xxx/CVE-2010-2001.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/797342", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/797342" - }, - { - "name" : "http://drupal.org/node/797352", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/797352" - }, - { - "name" : "40130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40130" - }, - { - "name" : "39806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or 
HTML via the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/797352", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/797352" + }, + { + "name": "http://drupal.org/node/797342", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/797342" + }, + { + "name": "39806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39806" + }, + { + "name": "40130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40130" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2079.json b/2010/2xxx/CVE-2010-2079.json index 5ff7f370530..5783d438d62 100644 --- a/2010/2xxx/CVE-2010-2079.json +++ b/2010/2xxx/CVE-2010-2079.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\\ and (2) .ascx\\ files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html" - }, - { - "name" : "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt" - }, - { - "name" : "datatrack-backslash-info-disc(58735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\\ and (2) .ascx\\ files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html" + }, + { + "name": "datatrack-backslash-info-disc(58735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58735" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2621.json b/2010/2xxx/CVE-2010-2621.json index 7d1c7bfff5b..408b3bdceba 100644 --- a/2010/2xxx/CVE-2010-2621.json +++ b/2010/2xxx/CVE-2010-2621.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.org/adv/qtsslame-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/qtsslame-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/qtsslame.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/qtsslame.zip" - }, - { - "name" : "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597", - "refsource" : "CONFIRM", - "url" : "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" - }, - { - "name" : "SUSE-SU-2011:1113", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/12056605" - }, - { - "name" : "41250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41250" - }, - { - "name" : "65860", 
- "refsource" : "OSVDB", - "url" : "http://osvdb.org/65860" - }, - { - "name" : "40389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40389" - }, - { - "name" : "46410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46410" - }, - { - "name" : "ADV-2010-1657", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46410" + }, + { + "name": "ADV-2010-1657", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1657" + }, + { + "name": "http://aluigi.org/poc/qtsslame.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/qtsslame.zip" + }, + { + "name": "41250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41250" + }, + { + "name": "65860", + "refsource": "OSVDB", + "url": "http://osvdb.org/65860" + }, + { + "name": "40389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40389" + }, + { + "name": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597", + "refsource": "CONFIRM", + "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" + }, + { + "name": "SUSE-SU-2011:1113", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/12056605" + }, + { + "name": "http://aluigi.org/adv/qtsslame-adv.txt", + "refsource": 
"MISC", + "url": "http://aluigi.org/adv/qtsslame-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2633.json b/2010/2xxx/CVE-2010-2633.json index 2ab8163d96b..53c3574af36 100644 --- a/2010/2xxx/CVE-2010-2633.json +++ b/2010/2xxx/CVE-2010-2633.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2010-2633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100730 ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-07/0272.html" - }, - { - "name" : "42105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42105" - }, - { - "name" : "66826", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66826" - }, - { - "name" : "1024265", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024265" - }, - { - "name" : "40828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40828" - }, - { - "name" : "ADV-2010-1969", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/1969" - }, - { - "name" : "edl-tcp-dos(60853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100730 ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0272.html" + }, + { + "name": "66826", + "refsource": "OSVDB", + "url": "http://osvdb.org/66826" + }, + { + "name": "ADV-2010-1969", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1969" + }, + { + "name": "42105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42105" + }, + { + "name": "edl-tcp-dos(60853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60853" + }, + { + "name": "40828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40828" + }, + { + "name": "1024265", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024265" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2718.json b/2010/2xxx/CVE-2010-2718.json index 847ca374cae..8d780c8958b 100644 --- a/2010/2xxx/CVE-2010-2718.json +++ b/2010/2xxx/CVE-2010-2718.json 
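Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `security_alert@emc.com` in this hunk, and as far as I can see it is the only value change among the visible hunks; the rest is whitespace and reference reordering. A provenance field that attributes the record to a different assigner is worth its own commit, or at least a mention in the commit message, so it can be checked against the CNA's records rather than passing as formatting churn. The `affects` block still reads `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names EMC Disk Library. If the reassignment is intended, those fields could presumably be filled in in the same change.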
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100708 XSS vulnerability in CruxPA", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512243/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html", - 
"refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html" - }, - { - "name" : "41495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41495" - }, - { - "name" : "ADV-2010-1709", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt" + }, + { + "name": "ADV-2010-1709", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1709" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html" + }, + { + "name": "20100708 XSS vulnerability in CruxPA", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512243/100/0/threaded" + }, + { + "name": "41495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41495" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3895.json b/2010/3xxx/CVE-2010-3895.json index f79b9851329..0dc0001d949 100644 --- a/2010/3xxx/CVE-2010-3895.json +++ b/2010/3xxx/CVE-2010-3895.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101109 IBM OmniFind - several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514688/100/0/threaded" - }, - { - "name" : "15475", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15475" - }, - { - "name" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", - "refsource" : "MISC", - "url" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" - }, - { - "name" : "44740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44740" - }, - { - "name" : "ADV-2010-2933", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101109 IBM OmniFind - several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded" + }, + { + "name": "15475", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15475" + }, + { + "name": "44740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44740" + }, + { + "name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", + "refsource": "MISC", + "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" + }, + { + "name": "ADV-2010-2933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2933" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0209.json b/2011/0xxx/CVE-2011-0209.json index 2f58b47fe5e..bdde4a0f2e8 100644 --- a/2011/0xxx/CVE-2011-0209.json +++ b/2011/0xxx/CVE-2011-0209.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-08-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial 
of service (application crash) via a crafted RIFF WAV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "APPLE-SA-2011-08-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0250.json b/2011/0xxx/CVE-2011-0250.json index c364123a741..be8d55cfe81 100644 --- a/2011/0xxx/CVE-2011-0250.json +++ b/2011/0xxx/CVE-2011-0250.json 
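Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `product-security@apple.com` in this hunk, but the change sits inside a whole-file rewrite whose other lines appear to differ only in the spacing before the colon and the dropped trailing newline, so it is easy to miss without a whitespace-insensitive diff. The same applies to the hunks for CVE-2011-0250 (also `product-security@apple.com`), CVE-2011-0868 (`secalert_us@oracle.com`) and, as far as it is visible here, CVE-2014-3506 (`secalert@redhat.com`), where the reference entries are reordered as well. Consumers that attribute or filter records by assigner will see these entries move to a different CNA, so the reassignment deserves to be auditable on its own. I would land the formatting pass as a separate commit and follow it with one whose only changed line per record is the assigner, such as `"ASSIGNER": "product-security@apple.com",`, with the reassignment stated in the commit message.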
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-08-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:15885", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-08-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "oval:org.mitre.oval:def:15885", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15885" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0868.json b/2011/0xxx/CVE-2011-0868.json index be337df7111..3924eb1b2cb 100644 --- a/2011/0xxx/CVE-2011-0868.json +++ b/2011/0xxx/CVE-2011-0868.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100144512", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144512" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100147041", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/css/P8/documents/100147041" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "DSA-2311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2311" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02697", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "SSRT100591", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "MDVSA-2011:126", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:126" - }, - { - "name" : "RHSA-2011:0856", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0856.html" - }, - { - "name" : "RHSA-2011:0857", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0857.html" - }, - { - "name" : "RHSA-2011:0860", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0860.html" - }, - { - "name" : "RHSA-2011:0938", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0938.html" - }, - { - "name" : 
"RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "SUSE-SA:2011:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" - }, - { - "name" : "SUSE-SU-2011:0807", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" - }, - { - "name" : "openSUSE-SU-2011:0633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14264", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14264" - }, - { - "name" : "oval:org.mitre.oval:def:14827", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14827" - }, - { - "name" : "44818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44818" - }, - { - "name" : "44930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" + }, + { + "name": "oval:org.mitre.oval:def:14264", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14264" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "DSA-2311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2311" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144512", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144512" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "44818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44818" + }, + { + "name": "RHSA-2011:0856", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0856.html" + }, + { + "name": "RHSA-2011:0938", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0938.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100147041", + 
"refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100147041" + }, + { + "name": "oval:org.mitre.oval:def:14827", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14827" + }, + { + "name": "44930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44930" + }, + { + "name": "SUSE-SA:2011:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" + }, + { + "name": "SSRT100591", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "MDVSA-2011:126", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:126" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "SUSE-SU-2011:0807", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" + }, + { + "name": "openSUSE-SU-2011:0633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + }, + { + "name": "HPSBUX02697", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "RHSA-2011:0860", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0860.html" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + }, + { + "name": "RHSA-2011:0857", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2011-0857.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1289.json b/2011/1xxx/CVE-2011-1289.json index e719a632cbc..8ec49d7f21f 100644 --- a/2011/1xxx/CVE-2011-1289.json +++ b/2011/1xxx/CVE-2011-1289.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1289", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1289", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1419.json b/2011/1xxx/CVE-2011-1419.json index 4d14481d9a4..d5e6785a62f 100644 --- a/2011/1xxx/CVE-2011-1419.json +++ b/2011/1xxx/CVE-2011-1419.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20110302 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E" - }, - { - "name" : "[users] 20110302 Re: @DenyAll does nothing", - "refsource" : "MLIST", - "url" : "http://markmail.org/message/lzx5273wsgl5pob6" - }, - { - "name" : "[users] 20110302 Re: @DenyAll does nothing", - "refsource" : "MLIST", - "url" : "http://markmail.org/message/yzmyn44f5aetmm2r" - }, - { - "name" : "[users] 20110309 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations", - 
"refsource" : "MLIST", - "url" : "http://marc.info/?l=tomcat-user&m=129966773405409&w=2" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1079752", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1079752" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "46685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46685" - }, - { - "name" : "71027", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71027" - }, - { - "name" : "43684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43684" - }, - { - "name" : "8131", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8131" - }, - { - "name" : "ADV-2011-0563", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0563" - }, - { - "name" : "tomcat-servletsecurity-sec-bypass(65971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65971" - }, - { - "name" : "apache-servletsecurity-sec-bypass(66154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tomcat-servletsecurity-sec-bypass(65971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65971" + }, + { + "name": "43684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43684" + }, + { + "name": "46685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46685" + }, + { + "name": "ADV-2011-0563", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0563" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "8131", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8131" + }, + { + "name": "apache-servletsecurity-sec-bypass(66154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66154" + }, + { + "name": "71027", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71027" + }, + { + "name": "[announce] 20110302 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1079752", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1079752" + }, + { + "name": "[users] 20110302 Re: @DenyAll does nothing", + "refsource": "MLIST", + "url": "http://markmail.org/message/lzx5273wsgl5pob6" + }, + { + "name": "[users] 20110302 Re: @DenyAll does nothing", + "refsource": "MLIST", + "url": "http://markmail.org/message/yzmyn44f5aetmm2r" + }, + { + "name": "[users] 20110309 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations", + "refsource": "MLIST", + "url": 
"http://marc.info/?l=tomcat-user&m=129966773405409&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1555.json b/2011/1xxx/CVE-2011-1555.json index b1e9633e553..73edd150710 100644 --- a/2011/1xxx/CVE-2011-1555.json +++ b/2011/1xxx/CVE-2011-1555.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html", - "refsource" : "CONFIRM", - "url" : "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html" - }, - { - "name" : "34476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34476" - }, - { - "name" : "ADV-2011-0802", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in saa.php 
in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html", + "refsource": "CONFIRM", + "url": "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html" + }, + { + "name": "ADV-2011-0802", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0802" + }, + { + "name": "34476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34476" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5277.json b/2011/5xxx/CVE-2011-5277.json index 53afe8393a3..1be2f808561 100644 --- a/2011/5xxx/CVE-2011-5277.json +++ b/2011/5xxx/CVE-2011-5277.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17961", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17961" - }, - { - "name" : "50051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50051/info" - }, - { - "name" : "76295", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76295" - }, - { - "name" : "46352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46352" - }, - { - "name" : "mybbafs-signature-sql-injection(70473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybbafs-signature-sql-injection(70473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70473" + }, + { + "name": "17961", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17961" + }, + { + "name": "46352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46352" + }, + { + "name": "76295", + "refsource": "OSVDB", + "url": "http://osvdb.org/76295" + }, + { + "name": "50051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50051/info" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3506.json b/2014/3xxx/CVE-2014-3506.json index 84572a7aa06..af29af085e1 100644 --- a/2014/3xxx/CVE-2014-3506.json +++ b/2014/3xxx/CVE-2014-3506.json 
@@ -1,337 +1,337 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", - "refsource" : "MLIST", - "url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" - }, - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636" - }, - { - "name" : "https://www.openssl.org/news/secadv_20140806.txt", - "refsource" : "CONFIRM", - "url" : 
"https://www.openssl.org/news/secadv_20140806.txt" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1053.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1053.html" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" - }, - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127500", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127500" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1052.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1052.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" - }, - { - "name" : "DSA-2998", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2014/dsa-2998" - }, - { - "name" : "FEDORA-2014-9301", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" - }, - { - "name" : "FEDORA-2014-9308", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" - }, - { - "name" : "FreeBSD-SA-14:18", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc" - }, - { - "name" : "GLSA-201412-39", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml" - }, - { - "name" : "HPSBOV03099", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141077370928502&w=2" - }, - { - "name" : "HPSBUX03095", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2" - }, - { - "name" : "SSRT101674", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2" - }, - { - "name" : "HPSBHF03293", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "SSRT101846", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "MDVSA-2014:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158" - }, - { - "name" : "NetBSD-SA2014-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" - }, - { - "name" : "RHSA-2014:1256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1256.html" - }, - { - "name" : "RHSA-2014:1297", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1297.html" - }, - { - "name" : "openSUSE-SU-2014:1052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" - }, - { - "name" : "openSUSE-SU-2016:0640", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" - }, - { - "name" : "69076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69076" - }, - { - "name" : "1030693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030693" - }, - { - "name" : "59221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59221" - }, - { - "name" : "60687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60687" - }, - { - "name" : "60824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60824" - }, - { - "name" : "60917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60917" - }, - { - "name" : "60921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60921" - }, - { - "name" : "60938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60938" - }, - { - "name" : "61775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61775" - }, - { - "name" : "61959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61959" - }, - { - "name" : "59756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59756" - }, - { - "name" : "60803", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60803" - }, - { - "name" : "61017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61017" - }, - { - "name" : "61040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61040" - }, - { - "name" : "61100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61100" - }, - { - "name" : "61250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61250" - }, - { - "name" : "61184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61184" - }, - { - "name" : "59743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59743" - }, - { - "name" : 
"60778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60778" - }, - { - "name" : "58962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58962" - }, - { - "name" : "59700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59700" - }, - { - "name" : "59710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59710" - }, - { - "name" : "60022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60022" - }, - { - "name" : "60684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60684" - }, - { - "name" : "60221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60221" - }, - { - "name" : "60493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60493" - }, - { - "name" : "openssl-cve20143506-dos(95160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1297", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636" + }, + { + "name": "openSUSE-SU-2014:1052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html" + }, + { + "name": "60221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60221" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" + }, + { + "name": "60778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60778" + }, + { + "name": "61184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61184" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500" + }, + { + "name": "SSRT101846", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "RHSA-2014:1256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html" + }, + { + "name": "60022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60022" + }, + { + "name": "https://www.openssl.org/news/secadv_20140806.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20140806.txt" + }, + { 
+ "name": "61040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61040" + }, + { + "name": "61017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61017" + }, + { + "name": "61250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61250" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" + }, + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" + }, + { + "name": "GLSA-201412-39", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" + }, + { + "name": "HPSBHF03293", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "60803", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60803" + }, + { + "name": "69076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69076" + }, + { + "name": "60824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60824" + }, + { + "name": "HPSBUX03095", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2" + }, + { + "name": "59700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59700" + }, + { + "name": "FEDORA-2014-9308", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" + }, + { + "name": "1030693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030693" + }, + { + "name": "59743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59743" + }, + { + "name": "openSUSE-SU-2016:0640", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" + }, 
+ { + "name": "60917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60917" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html" + }, + { + "name": "NetBSD-SA2014-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" + }, + { + "name": "60493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60493" + }, + { + "name": "59710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59710" + }, + { + "name": "60921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60921" + }, + { + "name": "HPSBOV03099", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141077370928502&w=2" + }, + { + "name": "59221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59221" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" + }, + { + "name": "61100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61100" + }, + { + "name": "FreeBSD-SA-14:18", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc" + }, + { + "name": "61775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61775" + }, + { + "name": "DSA-2998", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2998" + }, + { + "name": "FEDORA-2014-9301", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" + }, + { + "name": "SSRT101674", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2" + }, + { + "name": "61959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61959" + }, + { + 
"name": "59756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59756" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" + }, + { + "name": "58962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58962" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html" + }, + { + "name": "60938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60938" + }, + { + "name": "60684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60684" + }, + { + "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", + "refsource": "MLIST", + "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" + }, + { + "name": "openssl-cve20143506-dos(95160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160" + }, + { + "name": "60687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60687" + }, + { + "name": "MDVSA-2014:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3565.json b/2014/3xxx/CVE-2014-3565.json index d66f6d95b6a..42a73bcf2c9 100644 --- a/2014/3xxx/CVE-2014-3565.json +++ b/2014/3xxx/CVE-2014-3565.json 
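Review bot: The `ASSIGNER` change from `cve@mitre.org` to `"ASSIGNER": "secalert@redhat.com"` at the top of the CVE-2014-3506 hunk is a substantive attribution change, but it arrives inside a whole-file re-indent and a reordering of `reference_data`. With every line marked as changed, it is hard to confirm by eye that none of the reference entries was dropped or altered. The hunks for CVE-2014-3565 (`secalert@redhat.com`), CVE-2014-6002 (`cert@cert.org`) and CVE-2014-6148 (`psirt@us.ibm.com`) have the same problem. I would separate the formatting pass from the data change, and emit `reference_data` in a stable order (for example sorted by `refsource`, then `name`) so later diffs show only real additions and removals. The new side of each file also ends with `\ No newline at end of file`; a trailing newline would keep the files friendly to line-based tooling.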
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/" - }, - { - "name" : "http://sourceforge.net/p/net-snmp/official-patches/48/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/net-snmp/official-patches/48/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1125155", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1125155" - }, - { - "name" : "https://support.apple.com/HT205375", - 
"refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205375" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "APPLE-SA-2015-10-21-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" - }, - { - "name" : "GLSA-201507-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-17" - }, - { - "name" : "RHSA-2015:1385", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1385.html" - }, - { - "name" : "openSUSE-SU-2014:1108", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html" - }, - { - "name" : "USN-2711-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2711-1" - }, - { - "name" : "69477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205375", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205375" + }, + { + "name": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/" + }, + { + "name": "http://sourceforge.net/p/net-snmp/official-patches/48/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/net-snmp/official-patches/48/" + }, + { + "name": "69477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69477" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "USN-2711-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2711-1" + }, + { + "name": "openSUSE-SU-2014:1108", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html" + }, + { + "name": "GLSA-201507-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-17" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155" + }, + { + "name": "RHSA-2015:1385", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1385.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3734.json b/2014/3xxx/CVE-2014-3734.json index f7763bcfcf5..8c099436d9a 100644 
--- a/2014/3xxx/CVE-2014-3734.json +++ b/2014/3xxx/CVE-2014-3734.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3734", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3734", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3977.json b/2014/3xxx/CVE-2014-3977.json index a185b17ef03..aa0a8807cd4 100644 --- a/2014/3xxx/CVE-2014-3977.json +++ b/2014/3xxx/CVE-2014-3977.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33725", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33725" - }, - { - "name" : "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc", - "refsource" : "CONFIRM", - 
"url" : "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc" - }, - { - "name" : "IV60299", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60299" - }, - { - "name" : "IV60303", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60303" - }, - { - "name" : "IV60311", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60311" - }, - { - "name" : "IV60312", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60312" - }, - { - "name" : "IV60313", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60313" - }, - { - "name" : "IV60314", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60314" - }, - { - "name" : "1030401", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030401" - }, - { - "name" : "aix-libodm-symlink(93595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV60312", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60312" + }, + { + "name": "IV60314", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60314" + }, + { + "name": "IV60299", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60299" + }, + { + "name": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html" + }, + { + "name": "aix-libodm-symlink(93595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/" + }, + { + "name": "1030401", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030401" + }, + { + "name": "IV60313", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60313" + }, + { + "name": "33725", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33725" + }, + { + "name": "IV60303", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60303" + }, + { + "name": "IV60311", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60311" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/6xxx/CVE-2014-6002.json b/2014/6xxx/CVE-2014-6002.json index acd60172d83..86450102a62 100644 --- a/2014/6xxx/CVE-2014-6002.json +++ b/2014/6xxx/CVE-2014-6002.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#450057", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/450057" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DTE Energy (aka com.dteenergy.mydte) application 
3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#450057", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/450057" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6148.json b/2014/6xxx/CVE-2014-6148.json index d454b49a3d1..493391aedb3 100644 --- a/2014/6xxx/CVE-2014-6148.json +++ b/2014/6xxx/CVE-2014-6148.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688549", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688549" - }, - { - "name" : "70842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70842" - }, - { - "name" : "61785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61785" - }, - { - "name" : "ibm-taddm-cve20146148-info-disc(96918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549" + }, + { + "name": "61785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61785" + }, + { + "name": "ibm-taddm-cve20146148-info-disc(96918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918" + }, + { + "name": "70842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70842" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6906.json b/2014/6xxx/CVE-2014-6906.json index 96ec8ec7fa9..30638afe4c0 100644 --- a/2014/6xxx/CVE-2014-6906.json +++ b/2014/6xxx/CVE-2014-6906.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#438969", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/438969" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Loli Chocolate Cake (aka 
com.alison.kang.chocolatecake) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#438969", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/438969" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7194.json b/2014/7xxx/CVE-2014-7194.json index 1358ca17953..92e5abab045 100644 --- a/2014/7xxx/CVE-2014-7194.json +++ b/2014/7xxx/CVE-2014-7194.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt" - }, - { - "name" : "http://www.tibco.com/mk/advisory.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/mk/advisory.jsp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote 
attackers to obtain sensitive information or modify data by leveraging agent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt" + }, + { + "name": "http://www.tibco.com/mk/advisory.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/mk/advisory.jsp" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7389.json b/2014/7xxx/CVE-2014-7389.json index c89e2e0f618..7fcbd6ef451 100644 --- a/2014/7xxx/CVE-2014-7389.json +++ b/2014/7xxx/CVE-2014-7389.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#555129", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/555129" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Amnesia Groove (aka 
com.nobexinc.wls_88552576.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#555129", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/555129" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7766.json b/2014/7xxx/CVE-2014-7766.json index 260a688f449..967bc9676bb 100644 --- a/2014/7xxx/CVE-2014-7766.json +++ b/2014/7xxx/CVE-2014-7766.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#356689", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/356689" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#356689", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/356689" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7899.json b/2014/7xxx/CVE-2014-7899.json index 7c29cdac190..ccc31630bac 100644 --- a/2014/7xxx/CVE-2014-7899.json +++ b/2014/7xxx/CVE-2014-7899.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=389734", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=389734" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision" - }, - { - "name" : "RHSA-2014:1894", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1894.html" - }, - { - 
"name" : "71160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71160" - }, - { - "name" : "1031241", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031241" - }, - { - "name" : "60194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60194" - }, - { - "name" : "google-chrome-cve20147899-spoofing(98787)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031241", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031241" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=389734", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=389734" + }, + { + "name": "RHSA-2014:1894", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html" + }, + { + "name": "71160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71160" + }, + { + "name": "60194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60194" + }, + { + "name": "google-chrome-cve20147899-spoofing(98787)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision" + }, + { + 
"name": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7953.json b/2014/7xxx/CVE-2014-7953.json index 6367d815fc8..7567056e831 100644 --- a/2014/7xxx/CVE-2014-7953.json +++ b/2014/7xxx/CVE-2014-7953.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running \"pm install\" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150417 CVE-2014-7953 Android backup agent code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535296/100/1100/threaded" - }, - { - "name" : "20150417 CVE-2014-7953 Android backup agent code execution", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Apr/52" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E!/", - "refsource" : "CONFIRM", - "url" : 
"https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E!/" - }, - { - "name" : "74213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running \"pm install\" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E!/", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E!/" + }, + { + "name": "20150417 CVE-2014-7953 Android backup agent code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535296/100/1100/threaded" + }, + { + "name": "20150417 CVE-2014-7953 Android backup agent code execution", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Apr/52" + }, + { + "name": "74213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74213" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8014.json b/2014/8xxx/CVE-2014-8014.json index 14dd7878e08..697a821e514 100644 --- a/2014/8xxx/CVE-2014-8014.json +++ b/2014/8xxx/CVE-2014-8014.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141217 Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8014" - }, - { - "name" : "1031396", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031396", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031396" + }, + { + "name": "20141217 Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8014" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8756.json b/2014/8xxx/CVE-2014-8756.json index 4560e15b357..3757c932a65 100644 --- a/2014/8xxx/CVE-2014-8756.json +++ b/2014/8xxx/CVE-2014-8756.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-363/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-363/" - }, - { - "name" : "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324", - "refsource" : "CONFIRM", - "url" : "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to 
execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324", + "refsource": "CONFIRM", + "url": "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-363/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-363/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8787.json b/2014/8xxx/CVE-2014-8787.json index 6a3c330bff5..2ec444d306b 100644 --- a/2014/8xxx/CVE-2014-8787.json +++ b/2014/8xxx/CVE-2014-8787.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8787", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8787", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/8xxx/CVE-2014-8860.json b/2014/8xxx/CVE-2014-8860.json
index 03ea08fbd82..3bfde65d2b8 100644
--- a/2014/8xxx/CVE-2014-8860.json
+++ b/2014/8xxx/CVE-2014-8860.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8860",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-8860",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8947.json b/2014/8xxx/CVE-2014-8947.json
index e4ffa6fe478..39f14d9bc40 100644
--- a/2014/8xxx/CVE-2014-8947.json
+++ b/2014/8xxx/CVE-2014-8947.json
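Review bot: The new side of CVE-2014-8860.json emits its keys in a different order from every other record in this diff: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the other files keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but the difference suggests this record went through a different serializer or different settings, and it makes text diffs and any byte-level comparison of records unstable. Writing all records with one serializer configuration (sorted keys, for instance) would keep the files uniform. No field value changes in this hunk.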
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8947",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-8947",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2036.json b/2016/2xxx/CVE-2016-2036.json
index a6309a2aef6..3b3227177ad 100644
--- a/2016/2xxx/CVE-2016-2036.json
+++ b/2016/2xxx/CVE-2016-2036.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a \"GET HTTP/1.1\" request, aka SVE-2016-5036." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001", - "refsource" : "MISC", - "url" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a \"GET 
HTTP/1.1\" request, aka SVE-2016-5036." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001", + "refsource": "MISC", + "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2046.json b/2016/2xxx/CVE-2016-2046.json index 9bbb553700b..2d2c336b9c4 100644 --- a/2016/2xxx/CVE-2016-2046.json +++ b/2016/2xxx/CVE-2016-2046.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Feb/60" - }, - { - "name" : "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/", - "refsource" : "MISC", - "url" : "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/" - }, - { - "name" : "1035048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035048" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035048" + }, + { + "name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Feb/60" + }, + { + "name": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html" + }, + { + "name": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/", + "refsource": "MISC", + "url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2589.json b/2016/2xxx/CVE-2016-2589.json index 96c354bb29a..3afacb3a52e 100644 --- a/2016/2xxx/CVE-2016-2589.json +++ b/2016/2xxx/CVE-2016-2589.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2589", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2589", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2703.json b/2016/2xxx/CVE-2016-2703.json index 24feae2dd2d..2f036c2f78e 100644 --- a/2016/2xxx/CVE-2016-2703.json +++ b/2016/2xxx/CVE-2016-2703.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2703", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2703", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2926.json b/2016/2xxx/CVE-2016-2926.json index 0e27be410da..600cdec12ab 100644 --- a/2016/2xxx/CVE-2016-2926.json +++ b/2016/2xxx/CVE-2016-2926.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21993444", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21993444" - }, - { - "name" : "94146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94146" - }, - { - "name" : "1037276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037276" - }, - { - "name" : "1037277", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037277" - }, - { - "name" : "1037278", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037278" - }, - { - "name" : "1037279", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 
before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94146" + }, + { + "name": "1037279", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037279" + }, + { + "name": "1037277", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037277" + }, + { + "name": "1037278", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037278" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444" + }, + { + "name": "1037276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037276" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6264.json b/2016/6xxx/CVE-2016-6264.json index 0c5aadbfc07..7f3ae7b3f12 100644 --- a/2016/6xxx/CVE-2016-6264.json +++ b/2016/6xxx/CVE-2016-6264.json 
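Review bot: In the CVE-2016-2926 hunk, `"ASSIGNER"` changes from `cve@mitre.org` to `psirt@us.ibm.com`, the only value change I can see in this part of the diff among what are otherwise spacing and ordering rewrites. Consumers that attribute a record to a CNA by this field will see ownership move, so the change deserves its own line in the commit message or a separate commit rather than riding along with a reformat. On the new side `vendor_name` and `product_name` are still `"n/a"` although the description names IBM Rational products; if the record now belongs to the vendor CNA, filling those fields would keep the structured data consistent with the description. The reference list is also reshuffled (SECTRACK `1037279`, `1037277`, `1037278`, with `1037276` last), which makes it hard to confirm by eye that no entry was added or dropped; a stable sort by `refsource` then `name` would make that checkable.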
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160720 Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/21/2" - }, - { - "name" : "[oss-security] 20160721 Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/21/6" - }, - { - "name" : "[oss-security] 20160729 CVE Request: uclibc-ng (and uclibc): ARM arch: code execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/29/3" - }, - { - "name" : "[uclibc-ng-devel] 20160526 uClibc-ng and uClibc memset bug, ARM", - "refsource" : "MLIST", - "url" 
: "http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html" - }, - { - "name" : "[uclibc-ng-devel] 20160703 new release 1.0.16", - "refsource" : "MLIST", - "url" : "http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html" - }, - { - "name" : "91492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160729 CVE Request: uclibc-ng (and uclibc): ARM arch: code execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/29/3" + }, + { + "name": "91492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91492" + }, + { + "name": "[oss-security] 20160720 Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/21/2" + }, + { + "name": "[oss-security] 20160721 Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/21/6" + }, + { + "name": "[uclibc-ng-devel] 20160526 uClibc-ng and uClibc memset bug, ARM", + "refsource": "MLIST", + "url": "http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html" + }, + { + "name": "[uclibc-ng-devel] 20160703 new release 1.0.16", + "refsource": "MLIST", + "url": "http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html" + } + ] + } +} \ No newline 
at end of file diff --git a/2017/18xxx/CVE-2017-18300.json b/2017/18xxx/CVE-2017-18300.json index 08202b7d8ba..bc32275f10d 100644 --- a/2017/18xxx/CVE-2017-18300.json +++ b/2017/18xxx/CVE-2017-18300.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Trust Zone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Trust Zone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1078.json b/2017/1xxx/CVE-2017-1078.json index 278ecab6da3..b01d145e2db 100644 --- a/2017/1xxx/CVE-2017-1078.json +++ b/2017/1xxx/CVE-2017-1078.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1078", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1078", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5076.json b/2017/5xxx/CVE-2017-5076.json index 2a1d121b9ca..711fdee4b38 100644 --- a/2017/5xxx/CVE-2017-5076.json +++ b/2017/5xxx/CVE-2017-5076.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient Policy Enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/719199", - "refsource" : "MISC", - "url" : 
"https://crbug.com/719199" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1399", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1399" - }, - { - "name" : "98861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98861" - }, - { - "name" : "1038622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Policy Enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/719199", + "refsource": "MISC", + "url": "https://crbug.com/719199" + }, + { + "name": "98861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98861" + }, + { + "name": "RHSA-2017:1399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1399" + }, + { + "name": "1038622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038622" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/5xxx/CVE-2017-5206.json b/2017/5xxx/CVE-2017-5206.json index 28648731e70..7e10f8a9830 100644 --- a/2017/5xxx/CVE-2017-5206.json +++ b/2017/5xxx/CVE-2017-5206.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170107 Re: Firejail local root exploit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/07/5" - }, - { - "name" : "https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51", - "refsource" : "MISC", - "url" : "https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51" - }, - { - "name" : "https://firejail.wordpress.com/download-2/release-notes/", - "refsource" : "CONFIRM", - "url" : "https://firejail.wordpress.com/download-2/release-notes/" - }, - { - "name" : "https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e" - }, - { - "name" : "GLSA-201701-62", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-62" - }, - { - "name" : "97120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170107 Re: Firejail local root exploit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/07/5" + }, + { + "name": "https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51", + "refsource": "MISC", + "url": "https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51" + }, + { + "name": "GLSA-201701-62", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-62" + }, + { + "name": "https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e", + "refsource": "CONFIRM", + "url": "https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e" + }, + { + "name": "97120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97120" + }, + { + "name": "https://firejail.wordpress.com/download-2/release-notes/", + "refsource": "CONFIRM", + "url": "https://firejail.wordpress.com/download-2/release-notes/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5513.json b/2017/5xxx/CVE-2017-5513.json index 7a6e17a9e5b..50001395487 100644 
--- a/2017/5xxx/CVE-2017-5513.json +++ b/2017/5xxx/CVE-2017-5513.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5513", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5513", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5598.json b/2017/5xxx/CVE-2017-5598.json index 2fd29b1d21e..34d607cb030 100644 --- a/2017/5xxx/CVE-2017-5598.json +++ b/2017/5xxx/CVE-2017-5598.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa", - "refsource" : "MISC", - "url" : "https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa" - }, - { - "name" : "95836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in eClinicalWorks 
healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa", + "refsource": "MISC", + "url": "https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa" + }, + { + "name": "95836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95836" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5813.json b/2017/5xxx/CVE-2017-5813.json index 960392cad86..3659de81e48 100644 --- a/2017/5xxx/CVE-2017-5813.json +++ b/2017/5xxx/CVE-2017-5813.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-05-04T00:00:00", - "ID" : "CVE-2017-5813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Automation", - "version" : { - "version_data" : [ - { - "version_value" : "9.1x, 9.2x, 10.0x, 10.1x and 10.2x" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote unauthenticated access" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-05-04T00:00:00", + "ID": "CVE-2017-5813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Automation", + "version": { + "version_data": [ + { + "version_value": "9.1x, 9.2x, 10.0x, 10.1x and 10.2x" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us" - }, - { - "name" : "98331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98331" - }, - { - "name" : "1038407", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote unauthenticated access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us" + }, + { + "name": "98331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98331" + }, + { + "name": "1038407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038407" + } + ] + } +} \ No newline at end of file