diff --git a/2006/0xxx/CVE-2006-0171.json b/2006/0xxx/CVE-2006-0171.json index 87ff18b8d46..4233d0cea18 100644 --- a/2006/0xxx/CVE-2006-0171.json +++ b/2006/0xxx/CVE-2006-0171.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060106 Orjinweb E-commerce", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421312/100/0/threaded" - }, - { - "name" : "16199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16199" - }, - { - "name" : "22387", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22387" - }, - { - "name" : "orjinweb-url-file-include(24097)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 
remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060106 Orjinweb E-commerce", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421312/100/0/threaded" + }, + { + "name": "22387", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22387" + }, + { + "name": "orjinweb-url-file-include(24097)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24097" + }, + { + "name": "16199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16199" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0301.json b/2006/0xxx/CVE-2006-0301.json index 1fed3af58d7..efc9d721ee9 100644 --- a/2006/0xxx/CVE-2006-0301.json +++ b/2006/0xxx/CVE-2006-0301.json 
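Review bot: The `reference_data` array in this hunk comes out in a different order (the BID `16199` entry moves from second to last) with no sort key evident from the visible lines, so the rewrite cannot be checked as whitespace-only. Array order is significant in JSON, and consumers that diff or hash these records will see every file as changed; the generator should either keep the existing order or sort on a stable key such as `refsource` then `name`. The file also loses its trailing newline (`\ No newline at end of file`). The same two points apply to the hunks for CVE-2006-0301, CVE-2006-3078, CVE-2006-3318, CVE-2006-3383, CVE-2006-4381 and CVE-2006-4459.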
@@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=141242", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=141242" - }, - { - "name" : "20060202 [KDE Security Advisory] kpdf/xpdf heap based buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423899/100/0/threaded" - }, - { - "name" : 
"http://www.kde.org/info/security/advisory-20060202-1.txt", - "refsource" : "MISC", - "url" : "http://www.kde.org/info/security/advisory-20060202-1.txt" - }, - { - "name" : "DSA-971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-971" - }, - { - "name" : "DSA-974", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-974" - }, - { - "name" : "DSA-972", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-972" - }, - { - "name" : "FLSA:175404", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded" - }, - { - "name" : "FEDORA-2006-103", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html" - }, - { - "name" : "GLSA-200602-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml" - }, - { - "name" : "GLSA-200602-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml" - }, - { - "name" : "GLSA-200602-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml" - }, - { - "name" : "MDKSA-2006:030", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:030" - }, - { - "name" : "MDKSA-2006:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:031" - }, - { - "name" : "MDKSA-2006:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:032" - }, - { - "name" : "RHSA-2006:0201", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0201.html" - }, - { - "name" : "RHSA-2006:0206", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0206.html" - }, - { - "name" : "SCOSA-2006.15", - "refsource" : "SCO", - "url" : 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" - }, - { - "name" : "SSA:2006-045-04", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" - }, - { - "name" : "SSA:2006-045-09", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" - }, - { - "name" : "USN-249-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-249-1" - }, - { - "name" : "oval:org.mitre.oval:def:10850", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850" - }, - { - "name" : "ADV-2006-0389", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0389" - }, - { - "name" : "ADV-2006-0422", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0422" - }, - { - "name" : "1015576", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015576" - }, - { - "name" : "18677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18677" - }, - { - "name" : "18707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18707" - }, - { - "name" : "18834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18834" - }, - { - "name" : "18875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18875" - }, - { - "name" : "18274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18274" - }, - { - "name" : "18825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18825" - }, - { - "name" : "18826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18826" - }, - { - "name" : "18837", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18837" - }, - { - "name" : "18838", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18838" - }, - { - "name" : "18860", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18860" - }, - { - "name" : "18862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18862" - }, - { - "name" : "18864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18864" - }, - { - "name" : "18882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18882" - }, - { - "name" : "18908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18908" - }, - { - "name" : "18913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18913" - }, - { - "name" : "18983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18983" - }, - { - "name" : "19377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19377" - }, - { - "name" : "18839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18839" - }, - { - "name" : "470", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/470" - }, - { - "name" : "xpdf-splash-bo(24391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18707" + }, + { + "name": "ADV-2006-0422", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0422" + }, + { + "name": "1015576", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015576" + }, + { + "name": "SCOSA-2006.15", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" + }, + { + "name": "18837", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18837" + }, + { + "name": "xpdf-splash-bo(24391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24391" + }, + { + "name": "18834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18834" + }, + { + "name": "MDKSA-2006:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:031" + }, + { + "name": "18983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18983" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046" + }, + { + "name": "MDKSA-2006:030", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:030" + }, + { + "name": "20060202 [KDE Security Advisory] kpdf/xpdf heap based buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423899/100/0/threaded" + }, + { + "name": "18864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18864" + }, + { + "name": "ADV-2006-0389", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0389" + }, + { + "name": "18677", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/18677" + }, + { + "name": "GLSA-200602-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml" + }, + { + "name": "FEDORA-2006-103", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html" + }, + { + "name": "RHSA-2006:0201", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0201.html" + }, + { + "name": "MDKSA-2006:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:032" + }, + { + "name": "GLSA-200602-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml" + }, + { + "name": "18882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18882" + }, + { + "name": "18274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18274" + }, + { + "name": "oval:org.mitre.oval:def:10850", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850" + }, + { + "name": "DSA-974", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-974" + }, + { + "name": "DSA-971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-971" + }, + { + "name": "18825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18825" + }, + { + "name": "RHSA-2006:0206", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0206.html" + }, + { + "name": "http://www.kde.org/info/security/advisory-20060202-1.txt", + "refsource": "MISC", + "url": "http://www.kde.org/info/security/advisory-20060202-1.txt" + }, + { + "name": "470", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/470" + }, + { + "name": "SSA:2006-045-09", + "refsource": "SLACKWARE", + "url": 
"http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" + }, + { + "name": "18875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18875" + }, + { + "name": "GLSA-200602-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml" + }, + { + "name": "18860", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18860" + }, + { + "name": "18908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18908" + }, + { + "name": "18839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18839" + }, + { + "name": "USN-249-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-249-1" + }, + { + "name": "18862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18862" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=141242", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=141242" + }, + { + "name": "SSA:2006-045-04", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" + }, + { + "name": "19377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19377" + }, + { + "name": "FLSA:175404", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded" + }, + { + "name": "DSA-972", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-972" + }, + { + "name": "18913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18913" + }, + { + "name": "18838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18838" + }, + { + "name": "18826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18826" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3078.json b/2006/3xxx/CVE-2006-3078.json index 339ae1d0c3b..3a4d00f694b 100644 
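Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, a data change buried in a full-file reformat where every line is marked as changed. The field records who assigned the ID, so anything that uses it for provenance or routing will behave differently after this commit. This belongs in its own commit, or at least needs stating in the commit message if it is not already, so the reassignment can be audited separately from the whitespace and ordering noise. The CVE-2006-3318 hunk does the same, switching the value to `PSIRT-CNA@flexerasoftware.com`.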
--- a/2006/3xxx/CVE-2006-3078.json +++ b/2006/3xxx/CVE-2006-3078.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 APBoard 2.2-r3 <= SQL Injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437271/100/0/threaded" - }, - { - "name" : "18447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18447" - }, - { - "name" : "ADV-2006-2401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2401" - }, - { - "name" : "26582", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26582" - }, - { - "name" : "26583", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26583" - }, - { - "name" : "20682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20682" - }, - { - "name" : "1117", - "refsource" : "SREASON", 
- "url" : "http://securityreason.com/securityalert/1117" - }, - { - "name" : "apboard-multiple-sql-injection(27163)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20682" + }, + { + "name": "26583", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26583" + }, + { + "name": "26582", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26582" + }, + { + "name": "ADV-2006-2401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2401" + }, + { + "name": "18447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18447" + }, + { + "name": "apboard-multiple-sql-injection(27163)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27163" + }, + { + "name": "1117", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1117" + }, + { + "name": "20060614 APBoard 2.2-r3 <= SQL Injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437271/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3318.json b/2006/3xxx/CVE-2006-3318.json index 33be7e1855c..d2b66d3d1f5 100644 --- a/2006/3xxx/CVE-2006-3318.json +++ b/2006/3xxx/CVE-2006-3318.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-3318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438706/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-47/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-47/advisory/" - }, - { - "name" : "ADV-2006-2593", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2593" - }, - { - "name" : "20865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20865" - }, - { - "name" : "1173", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1173" - }, - { - "name" : "phpraid-register-sql-injection(27459)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2006-47/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-47/advisory/" + }, + { + "name": "phpraid-register-sql-injection(27459)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27459" + }, + { + "name": "ADV-2006-2593", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2593" + }, + { + "name": "20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438706/100/0/threaded" + }, + { + "name": "1173", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1173" + }, + { + "name": "20865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20865" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3383.json b/2006/3xxx/CVE-2006-3383.json index 5ca33df1991..744d55f174a 100644 --- a/2006/3xxx/CVE-2006-3383.json +++ b/2006/3xxx/CVE-2006-3383.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-2641", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2641" - }, - { - "name" : "20932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20932" - }, - { - "name" : "mads-index-search-xss(27510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject 
arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2641", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2641" + }, + { + "name": "mads-index-search-xss(27510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27510" + }, + { + "name": "20932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20932" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4381.json b/2006/4xxx/CVE-2006-4381.json index b889eae28c1..dd81cfd912c 100644 --- a/2006/4xxx/CVE-2006-4381.json +++ b/2006/4xxx/CVE-2006-4381.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060912 Apple QuickTime H.264 Integer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445830/100/0/threaded" - }, - { - "name" : "http://secway.org/advisory/AD20060912.txt", - "refsource" : "MISC", - "url" : "http://secway.org/advisory/AD20060912.txt" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=304357", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304357" - }, - { - "name" : "APPLE-SA-2006-09-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html" - }, - { - "name" : "19976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19976" - }, - { - "name" : "ADV-2006-3577", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3577" - }, - { - "name" : "28774", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28774" - }, - { - "name" : "1016830", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016830" - }, - { - "name" : "21893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21893" - }, - { - "name" : "1551", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1551" - }, - { - "name" : "quicktime-h264-integer-overflow(28928)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016830", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016830" + }, + { + "name": "21893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21893" + }, + { + "name": "http://secway.org/advisory/AD20060912.txt", + "refsource": "MISC", + "url": "http://secway.org/advisory/AD20060912.txt" + }, + { + "name": "19976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19976" + }, + { + "name": "1551", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1551" + }, + { + "name": "28774", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28774" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304357", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304357" + }, + { + "name": "APPLE-SA-2006-09-12", + 
"refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html" + }, + { + "name": "ADV-2006-3577", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3577" + }, + { + "name": "quicktime-h264-integer-overflow(28928)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28928" + }, + { + "name": "20060912 Apple QuickTime H.264 Integer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445830/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4459.json b/2006/4xxx/CVE-2006-4459.json index 778290d6529..37e423aef67 100644 --- a/2006/4xxx/CVE-2006-4459.json +++ b/2006/4xxx/CVE-2006-4459.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060904 AnywhereUSB/5 1.80.00 Drivers Integer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445088/100/0/threaded" - }, - { - "name" : "http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt", - "refsource" : "MISC", - "url" : "http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt" - }, - { - "name" : "19833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19833" - }, - { - "name" : "21739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21739" - }, - { - "name" : "1500", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1500", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1500" + }, + { + "name": "19833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19833" + }, + { + "name": "http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt", + "refsource": "MISC", + "url": "http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt" + }, + { + "name": "20060904 AnywhereUSB/5 1.80.00 Drivers Integer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445088/100/0/threaded" + }, + { + "name": "21739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21739" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4702.json b/2006/4xxx/CVE-2006-4702.json index 921c06fa4be..106c022fcb2 100644 --- a/2006/4xxx/CVE-2006-4702.json +++ b/2006/4xxx/CVE-2006-4702.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-4702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm" - }, - { - "name" : "HPSBST02180", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded" - }, - { - "name" : "SSRT061288", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded" - }, - { - "name" : "MS06-078", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-078" - }, - { - "name" : "TA06-346A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA06-346A.html" - }, - { - "name" : "21505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21505" - }, - { - "name" : "oval:org.mitre.oval:def:536", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A536" - }, - { - "name" : "1017372", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm" + }, + { + "name": "MS06-078", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-078" + }, + { + "name": "21505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21505" + }, + { + "name": "TA06-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" + }, + { + "name": "oval:org.mitre.oval:def:536", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A536" + }, + { + "name": "SSRT061288", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" + }, + { + "name": "HPSBST02180", + "refsource": "HP", + "url": 
"http://www.securityfocus.com/archive/1/454969/100/200/threaded" + }, + { + "name": "1017372", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017372" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4864.json b/2006/4xxx/CVE-2006-4864.json index 8ca0d487b29..902ccf7059a 100644 --- a/2006/4xxx/CVE-2006-4864.json +++ b/2006/4xxx/CVE-2006-4864.json 
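Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, but the change is buried in a whole-file rewrite that otherwise only alters the spacing around colons and shuffles the order of the `reference_data` entries, so the one provenance edit is easy to miss in review. I would put the assigner reassignment in its own commit, separate from the formatting pass, and keep the reference array in its existing order so the diff shows only real changes. The same applies to the CVE-2010-2873 hunk, where `ASSIGNER` becomes `psirt@adobe.com`. The rewritten file also ends without a trailing newline (`\ No newline at end of file`); ending it with one keeps later diffs clean.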
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446106/100/0/threaded" - }, - { - "name" : "http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt", - "refsource" : "MISC", - "url" : "http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt" - }, - { - "name" : "ADV-2006-3658", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3658" - }, - { - "name" : "21971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21971" - }, - { - "name" : "1603", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1603" - }, - { - "name" : 
"reviewpostphppro-rppath-file-include(28992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3658", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3658" + }, + { + "name": "http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt", + "refsource": "MISC", + "url": "http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt" + }, + { + "name": "21971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21971" + }, + { + "name": "1603", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1603" + }, + { + "name": "reviewpostphppro-rppath-file-include(28992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28992" + }, + { + "name": "20060915 SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446106/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4932.json b/2006/4xxx/CVE-2006-4932.json index e6c62331f30..a4eda67cc16 100644 --- a/2006/4xxx/CVE-2006-4932.json +++ b/2006/4xxx/CVE-2006-4932.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4932", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4932", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6327.json b/2006/6xxx/CVE-2006-6327.json index f7afbc1345e..9bd8ec2b2fc 100644 --- a/2006/6xxx/CVE-2006-6327.json +++ b/2006/6xxx/CVE-2006-6327.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6327", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6327", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6970.json b/2006/6xxx/CVE-2006-6970.json index 8c0d950e1a4..2bf77d9505e 100644 --- a/2006/6xxx/CVE-2006-6970.json +++ b/2006/6xxx/CVE-2006-6970.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the \".\" and \"/\" characters, which is not caught by the blacklist filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070206 Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459265/100/0/threaded" - }, - { - "name" : "http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php", - "refsource" : "MISC", - "url" : "http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php" - }, - { - "name" : "34927", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 9.10 
Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the \".\" and \"/\" characters, which is not caught by the blacklist filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070206 Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459265/100/0/threaded" + }, + { + "name": "34927", + "refsource": "OSVDB", + "url": "http://osvdb.org/34927" + }, + { + "name": "http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php", + "refsource": "MISC", + "url": "http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7010.json b/2006/7xxx/CVE-2006-7010.json index 9a3ed9063ec..eb36427ae0f 100644 --- a/2006/7xxx/CVE-2006-7010.json +++ b/2006/7xxx/CVE-2006-7010.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1510/74/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1510/74/" - }, - { - "name" : "26916", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26916" - }, - { - "name" : "20874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mosgetparam implementation in Joomla! 
before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.joomla.org/content/view/1510/74/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1510/74/" + }, + { + "name": "26916", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26916" + }, + { + "name": "20874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20874" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2358.json b/2010/2xxx/CVE-2010-2358.json index 1adad9ac3be..d95037887c2 100644 --- a/2010/2xxx/CVE-2010-2358.json +++ b/2010/2xxx/CVE-2010-2358.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13889", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13889" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/nakid-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/nakid-rfi.txt" - }, - { - "name" : "40882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40882" - }, - { - "name" : "40174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40174" - }, - { - "name" : "ADV-2010-1498", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/1498" - }, - { - "name" : "nakidcms-uploadphoto-file-include(59453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nakidcms-uploadphoto-file-include(59453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59453" + }, + { + "name": "13889", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13889" + }, + { + "name": "ADV-2010-1498", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1498" + }, + { + "name": "40174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40174" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/nakid-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/nakid-rfi.txt" + }, + { + "name": "40882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40882" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2450.json b/2010/2xxx/CVE-2010-2450.json index d83d15d2b93..3300df17b2c 100644 --- a/2010/2xxx/CVE-2010-2450.json +++ b/2010/2xxx/CVE-2010-2450.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2450", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2450", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2496.json b/2010/2xxx/CVE-2010-2496.json index 307da184f74..25eb570bb8c 100644 --- a/2010/2xxx/CVE-2010-2496.json +++ b/2010/2xxx/CVE-2010-2496.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2496", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2496", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2690.json b/2010/2xxx/CVE-2010-2690.json index f61e8b3d405..e859a121352 100644 --- a/2010/2xxx/CVE-2010-2690.json +++ b/2010/2xxx/CVE-2010-2690.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14126", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14126" - }, - { - "name" : "41257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14126", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14126" + }, + { + "name": "41257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41257" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2752.json b/2010/2xxx/CVE-2010-2752.json index 0ad8445fd42..caa97041323 100644 --- a/2010/2xxx/CVE-2010-2752.json +++ b/2010/2xxx/CVE-2010-2752.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100721 ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512514" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-133/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-133/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-39.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.mozilla.org/security/announce/2010/mfsa2010-39.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=574059", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=574059" - }, - { - "name" : "41852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41852" - }, - { - "name" : "oval:org.mitre.oval:def:11680", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11680", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680" + }, + { + "name": "41852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41852" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-133/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-133/" + }, + { + "name": "20100721 ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512514" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=574059", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=574059" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-39.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-39.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2873.json b/2010/2xxx/CVE-2010-2873.json index ae95500b8a2..d0d4e78a6f5 100644 --- a/2010/2xxx/CVE-2010-2873.json +++ b/2010/2xxx/CVE-2010-2873.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100824 ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513307/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-162", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-162" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" - }, - { - "name" : "42682", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/42682" - }, - { - "name" : "oval:org.mitre.oval:def:12042", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042" - }, - { - "name" : "1024361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024361" - }, - { - "name" : "ADV-2010-2176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024361" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html" + }, + { + "name": "oval:org.mitre.oval:def:12042", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042" + }, + { + "name": "20100824 ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513307/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-162", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-162" + }, + { + "name": "42682", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/42682" + }, + { + "name": "ADV-2010-2176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2176" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3115.json b/2010/3xxx/CVE-2010-3115.json index 009629f3e66..daff9e1a00c 100644 --- a/2010/3xxx/CVE-2010-3115.json +++ b/2010/3xxx/CVE-2010-3115.json 
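Review bot: The only semantic change in this hunk, `"ASSIGNER": "psirt@adobe.com"` replacing `cve@mitre.org`, is buried in a whole-file re-indentation and a reshuffle of `reference_data`, so a provenance change that downstream consumers may key on is easy to miss in review. The same pattern appears in the hunks for CVE-2011-0034 (`secure@microsoft.com`), CVE-2011-0231 (`product-security@apple.com`) and CVE-2014-3489 (`secalert@redhat.com`). Splitting the formatting pass from the ASSIGNER updates, and emitting references in a stable order, would reduce each of these diffs to the one changed line. The rewritten file also ends with `\ No newline at end of file`, which the old side did not, so the serializer should write a final newline after the closing `}`. The record still carries `"vendor_name": "n/a"` next to a vendor CNA address, which looks inconsistent, though it may be intentional for legacy entries.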
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=49964", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=49964" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "44203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44203" - }, - { - "name" : "oval:org.mitre.oval:def:11953", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11953" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=49964", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=49964" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "oval:org.mitre.oval:def:11953", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11953" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "44203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44203" + }, + { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0034.json b/2011/0xxx/CVE-2011-0034.json index 1f40ff53b13..2945dc49975 100644 --- a/2011/0xxx/CVE-2011-0034.json 
+++ b/2011/0xxx/CVE-2011-0034.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka \"OpenType Font Stack Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-032" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11860", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka \"OpenType Font Stack Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-032" + }, + { + "name": "oval:org.mitre.oval:def:11860", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11860" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0231.json b/2011/0xxx/CVE-2011-0231.json index 47ba08fe4b5..34e860c2b92 100644 --- a/2011/0xxx/CVE-2011-0231.json +++ b/2011/0xxx/CVE-2011-0231.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a \"synchronization issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track 
users via a cookie, related to a \"synchronization issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0934.json b/2011/0xxx/CVE-2011-0934.json index 1d7ba15c73a..5efc0016417 100644 --- a/2011/0xxx/CVE-2011-0934.json +++ b/2011/0xxx/CVE-2011-0934.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0934", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0934", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0953.json b/2011/0xxx/CVE-2011-0953.json index 72851c788aa..da1ad16b318 100644 --- a/2011/0xxx/CVE-2011-0953.json +++ b/2011/0xxx/CVE-2011-0953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0953", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0953", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1028.json b/2011/1xxx/CVE-2011-1028.json index a904b6a1b51..38b435a3007 100644 --- a/2011/1xxx/CVE-2011-1028.json +++ b/2011/1xxx/CVE-2011-1028.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1028", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1028", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1224.json b/2011/1xxx/CVE-2011-1224.json index 3b5dc5b885a..627cb429c4a 100644 --- a/2011/1xxx/CVE-2011-1224.json +++ b/2011/1xxx/CVE-2011-1224.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007069" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224" - }, - { - "name" : "IZ92813", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813" - }, - { - "name" : "websphere-mq-cdb-security-bypass(68229)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007069", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007069" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224" + }, + { + "name": "websphere-mq-cdb-security-bypass(68229)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229" + }, + { + "name": "IZ92813", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1845.json b/2011/1xxx/CVE-2011-1845.json index 61249b33979..5fca50bf306 100644 --- a/2011/1xxx/CVE-2011-1845.json +++ b/2011/1xxx/CVE-2011-1845.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://isc.sans.edu/diary.html?storyid=10747", - "refsource" : "MISC", - "url" : "http://isc.sans.edu/diary.html?storyid=10747" - }, - { - "name" : "2526954", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/2526954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application 
involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://isc.sans.edu/diary.html?storyid=10747", + "refsource": "MISC", + "url": "http://isc.sans.edu/diary.html?storyid=10747" + }, + { + "name": "2526954", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/2526954" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5082.json b/2011/5xxx/CVE-2011-5082.json index d638f3ee489..b90b4b8186e 100644 --- a/2011/5xxx/CVE-2011-5082.json +++ b/2011/5xxx/CVE-2011-5082.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982", - "refsource" : "CONFIRM", - "url" : "http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982" - }, - { - "name" : "51997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51997" - }, - { - "name" : "47954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47954" - }, - { - "name" : "s2memberpro-couponcode-xss(73202)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47954" + }, + { + "name": "51997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51997" + }, + { + "name": "http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982", + "refsource": "CONFIRM", + "url": "http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982" + }, + { + "name": "s2memberpro-couponcode-xss(73202)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73202" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3251.json b/2014/3xxx/CVE-2014-3251.json index 263354a9299..4348a9c205a 100644 --- a/2014/3xxx/CVE-2014-3251.json +++ b/2014/3xxx/CVE-2014-3251.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://puppetlabs.com/security/cve/cve-2014-3251", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2014-3251" - }, - { - "name" : "109257", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/109257" - }, - { - "name" : "59356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59356" - }, - { - "name" : "60066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "109257", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/109257" + }, + { + "name": "http://puppetlabs.com/security/cve/cve-2014-3251", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2014-3251" + }, + { + "name": "60066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60066" + }, + { + "name": "59356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59356" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3489.json b/2014/3xxx/CVE-2014-3489.json index 7726f5a4602..96c92bcaac2 100644 --- a/2014/3xxx/CVE-2014-3489.json +++ b/2014/3xxx/CVE-2014-3489.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0816.html" - }, - { - "name" : "68299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68299" + }, + { + "name": "RHSA-2014:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3557.json b/2014/3xxx/CVE-2014-3557.json index 4435e5d7462..3bd3dc9ed57 100644 --- a/2014/3xxx/CVE-2014-3557.json +++ b/2014/3xxx/CVE-2014-3557.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3557", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3557", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3833.json b/2014/3xxx/CVE-2014-3833.json index afcf8663224..8a60fe3d060 100644 --- a/2014/3xxx/CVE-2014-3833.json +++ b/2014/3xxx/CVE-2014-3833.json 
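Review bot: The `ASSIGNER` value in CVE-2014-3489.json changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only rewrites `" : "` to `": "` and reorders references, so a provenance change is buried in formatting noise. Consumers that route or trust records by `ASSIGNER` will see different data after this commit, so the change deserves its own commit, or at least a line in the commit message. The same pattern appears in the sections for CVE-2014-6154 (`psirt@us.ibm.com`), CVE-2014-6350 (`secure@microsoft.com`), CVE-2014-7452, CVE-2014-7603 and CVE-2014-7629 (`cert@cert.org`), and CVE-2014-7989 (`psirt@cisco.com`).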
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oc-sa-2014-010", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oc-sa-2014-010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oc-sa-2014-010", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6154.json b/2014/6xxx/CVE-2014-6154.json index 965b96bbe91..059a4cdea54 100644 --- a/2014/6xxx/CVE-2014-6154.json +++ b/2014/6xxx/CVE-2014-6154.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696000", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696000" - }, - { - "name" : "ibm-optim-cve20146154-directory-traversal(97677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows 
and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-optim-cve20146154-directory-traversal(97677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97677" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696000", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696000" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6350.json b/2014/6xxx/CVE-2014-6350.json index 0cf25f3d098..e8987111604 100644 --- a/2014/6xxx/CVE-2014-6350.json +++ b/2014/6xxx/CVE-2014-6350.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2014-6349." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" - }, - { - "name" : "70940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70940" - }, - { - "name" : "1031185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different 
vulnerability than CVE-2014-6349." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031185" + }, + { + "name": "MS14-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" + }, + { + "name": "70940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70940" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7452.json b/2014/7xxx/CVE-2014-7452.json index 55600c57d4d..c60e65d8a70 100644 --- a/2014/7xxx/CVE-2014-7452.json +++ b/2014/7xxx/CVE-2014-7452.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#211489", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/211489" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Shaklee Product Catalog (aka 
com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#211489", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/211489" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7603.json b/2014/7xxx/CVE-2014-7603.json index 4d484ebbea0..7054fea0c7f 100644 --- a/2014/7xxx/CVE-2014-7603.json +++ b/2014/7xxx/CVE-2014-7603.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#715993", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/715993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gravey Design (aka 
com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#715993", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/715993" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7629.json b/2014/7xxx/CVE-2014-7629.json index 72cc6a1148a..023349fc50f 100644 --- a/2014/7xxx/CVE-2014-7629.json +++ b/2014/7xxx/CVE-2014-7629.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#953505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/953505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Yulman Stadium (aka 
com.dub.app.tulanestadium) application 1.4.25 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#953505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/953505" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7989.json b/2014/7xxx/CVE-2014-7989.json index b7a5ef79ca6..64fa1be9da3 100644 --- a/2014/7xxx/CVE-2014-7989.json +++ b/2014/7xxx/CVE-2014-7989.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-7989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141106 Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7989" - }, - { - "name" : "70969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70969" - }, - { - "name" : "1031178", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031178" - }, - { - "name" : "cisco-ucs-cve20147989-priv-esc(98530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70969" + }, + { + "name": "1031178", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031178" + }, + { + "name": "cisco-ucs-cve20147989-priv-esc(98530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98530" + }, + { + "name": "20141106 Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7989" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8513.json b/2014/8xxx/CVE-2014-8513.json index e6e1bd29ac7..b8619fcadcd 100644 --- a/2014/8xxx/CVE-2014-8513.json +++ b/2014/8xxx/CVE-2014-8513.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima 
before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8798.json b/2014/8xxx/CVE-2014-8798.json index 09014c1772a..db41180de9b 100644 --- a/2014/8xxx/CVE-2014-8798.json +++ b/2014/8xxx/CVE-2014-8798.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8798", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8798", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2109.json b/2016/2xxx/CVE-2016-2109.json index f6e5626078d..945461dd561 100644 --- a/2016/2xxx/CVE-2016-2109.json +++ b/2016/2xxx/CVE-2016-2109.json 
@@ -1,327 +1,327 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807" - }, - { - "name" : "https://www.openssl.org/news/secadv/20160503.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20160503.txt" - }, - { - "name" : 
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa123", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa123" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160504-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160504-0001/" - }, - { - "name" : 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl" - }, - { - "name" : "DSA-3566", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3566" - }, - { - "name" : "FreeBSD-SA-16:17", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc" - }, - { - "name" : "GLSA-201612-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-16" - }, - { - "name" : "RHSA-2016:0722", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0722.html" - }, - { - "name" : "RHSA-2016:0996", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0996.html" - }, - { - "name" : "RHSA-2016:2056", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2056.html" - }, - { - "name" : "RHSA-2016:2073", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2073.html" - }, - { - "name" : "RHSA-2016:2957", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" - }, - { - "name" : "SSA:2016-124-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103" - }, - { 
- "name" : "SUSE-SU-2016:1206", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" - }, - { - "name" : "SUSE-SU-2016:1228", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:1231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:1233", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" - }, - { - "name" : "openSUSE-SU-2016:1238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:1240", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" - }, - { - "name" : "openSUSE-SU-2016:1241", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" - }, - { - "name" : "SUSE-SU-2016:1267", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:1242", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:1243", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" - }, - { - "name" : "openSUSE-SU-2016:1273", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" 
- }, - { - "name" : "SUSE-SU-2016:1290", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" - }, - { - "name" : "SUSE-SU-2016:1360", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" - }, - { - "name" : "USN-2959-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2959-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "87940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/87940" - }, - { - "name" : "1035721", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" + }, + { + "name": "SSA:2016-124-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103" + }, + { + "name": "RHSA-2016:2056", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html" + }, + { + "name": "openSUSE-SU-2016:1238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" + }, + { + "name": "openSUSE-SU-2016:1242", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "SUSE-SU-2016:1267", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" + }, + { + "name": "RHSA-2016:2073", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html" + }, + { + "name": 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "DSA-3566", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3566" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160" + }, + { + "name": "openSUSE-SU-2016:1243", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" + }, + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" + }, + { + "name": "SUSE-SU-2016:1228", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" + }, + { + "name": "1035721", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035721" + }, + { + "name": "openSUSE-SU-2016:1239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" + }, + { + "name": "SUSE-SU-2016:1206", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" + }, + { + "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "SUSE-SU-2016:1231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2016:1240", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" + }, + { + "name": "openSUSE-SU-2016:1241", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "SUSE-SU-2016:1360", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "SUSE-SU-2016:1233", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" + }, + { + "name": "openSUSE-SU-2016:1237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202" + }, + { + "name": "RHSA-2016:0996", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160504-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160504-0001/" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "SUSE-SU-2016:1290", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" + }, + { + "name": "openSUSE-SU-2016:1273", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" + }, + { + "name": "RHSA-2016:2957", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" + }, + { + "name": "USN-2959-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2959-1" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "87940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/87940" + }, + { + "name": "RHSA-2016:0722", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html" + }, + { + "name": "FreeBSD-SA-16:17", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc" + }, + { + "name": "https://www.openssl.org/news/secadv/20160503.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160503.txt" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa123", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa123" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2227.json b/2016/2xxx/CVE-2016-2227.json index 3fba27e99f7..22e8378a319 100644 --- a/2016/2xxx/CVE-2016-2227.json +++ b/2016/2xxx/CVE-2016-2227.json 
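Review bot: The `reference_data` array for CVE-2016-2109 is reordered in the same change that normalises the `"key" : value` spacing, so every reference shows as removed and re-added. A reviewer cannot tell from the diff whether an entry was dropped, added or had its `url` altered. For a vulnerability record that downstream tooling trusts, keep the existing order, or sort once by a stable key such as `url` in a separate commit, so that later diffs show only real content changes. The new side also ends with `\ No newline at end of file` after `+}`, where the old file ended with a newline. The same holds for the other records visible here (CVE-2014-8798, CVE-2016-2227, CVE-2016-6853, CVE-2017-1050, CVE-2017-1111, CVE-2017-1389, CVE-2017-5013, CVE-2017-5201); restoring the trailing newline avoids another whole-file rewrite later.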
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2227", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2227", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6853.json b/2016/6xxx/CVE-2016-6853.json index 140729235ce..b905ed69f5b 100644 --- a/2016/6xxx/CVE-2016-6853.json +++ b/2016/6xxx/CVE-2016-6853.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160913 Open-Xchange Security Advisory 2016-09-13 (2)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539395/100/0/threaded" - }, - { - "name" : "40377", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40377/" - }, - { - "name" : "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html", - "refsource" : "CONFIRM", - "url" : "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html" - }, - { - "name" : "92920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92920" + }, + { + "name": "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html", + "refsource": "CONFIRM", + "url": "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html" + }, + { + "name": "40377", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40377/" + }, + { + "name": "20160913 Open-Xchange Security Advisory 2016-09-13 (2)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539395/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1050.json b/2017/1xxx/CVE-2017-1050.json index d1f3c433897..cfa8f3d729b 100644 --- a/2017/1xxx/CVE-2017-1050.json +++ b/2017/1xxx/CVE-2017-1050.json 
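Review bot: `problemtype` is still `"value": "n/a"` on the new side of CVE-2016-6853, although the description describes script injection through PGP public key names that executes in the user's context, and the Packet Storm reference title calls it Cross-Site Scripting. Recording a weakness identifier there, e.g. `"value": "CWE-79"`, would let consumers of the record triage by weakness class. Separately, the packetstormsecurity.com link carries `"refsource": "CONFIRM"`, while the Packet Storm link in CVE-2016-2109 in this same commit is `MISC`. Unless that post is the vendor's own advisory, `"refsource": "MISC"` looks like the consistent label.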
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1050", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1050", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1111.json b/2017/1xxx/CVE-2017-1111.json index 44e65938aed..a6f2c5eb5db 100644 --- a/2017/1xxx/CVE-2017-1111.json +++ b/2017/1xxx/CVE-2017-1111.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1111", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1111", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1389.json b/2017/1xxx/CVE-2017-1389.json index 05413af1f26..f827fdb8fab 100644 --- a/2017/1xxx/CVE-2017-1389.json +++ b/2017/1xxx/CVE-2017-1389.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1389", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1389", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5013.json b/2017/5xxx/CVE-2017-5013.json index 56b8418b6a7..9654857a398 100644 --- a/2017/5xxx/CVE-2017-5013.json +++ b/2017/5xxx/CVE-2017-5013.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 56.0.2924.76 for Linux", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 56.0.2924.76 for Linux" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 56.0.2924.76 for Linux", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 56.0.2924.76 for Linux" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/677716", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/677716" - }, - { - "name" : "DSA-3776", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3776" - }, - { - "name" : "GLSA-201701-66", - "refsource" : "GENTOO", - 
"url" : "https://security.gentoo.org/glsa/201701-66" - }, - { - "name" : "RHSA-2017:0206", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html" - }, - { - "name" : "95792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95792" - }, - { - "name" : "1037718", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95792" + }, + { + "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201701-66", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-66" + }, + { + "name": "RHSA-2017:0206", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html" + }, + { + "name": "https://crbug.com/677716", + "refsource": "CONFIRM", + "url": "https://crbug.com/677716" + }, + { + "name": "1037718", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037718" + }, + { + "name": "DSA-3776", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3776" + } + ] + } +} \ No newline at end of file 
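Review bot: In the `affects` block of CVE-2017-5013, `product_name` and `version_value` both hold the whole phrase `Google Chrome prior to 56.0.2924.76 for Linux` and `vendor_name` is `n/a`. Tooling that matches on vendor, product and version therefore cannot match this record against an asset inventory. Splitting the phrase, e.g. `"vendor_name": "Google"`, `"product_name": "Chrome"`, `"version_value": "prior to 56.0.2924.76"`, would make the record machine-matchable. The `for Linux` qualifier has no obvious field in the visible structure, so it would stay in the description text, which already carries it.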
diff --git a/2017/5xxx/CVE-2017-5201.json b/2017/5xxx/CVE-2017-5201.json
index e57db8751e7..b3eeea0c98f 100644
--- a/2017/5xxx/CVE-2017-5201.json
+++ b/2017/5xxx/CVE-2017-5201.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5201",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5201",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://security.netapp.com/advisory/ntap-20170809-0001/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20170809-0001/"
- },
- {
- "name" : "101776",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101776"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "101776",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101776"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20170809-0001/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20170809-0001/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5521.json b/2017/5xxx/CVE-2017-5521.json
index 95567b70bd3..b3abcd81d2c 100644
--- a/2017/5xxx/CVE-2017-5521.json
+++ b/2017/5xxx/CVE-2017-5521.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5521",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5521",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "41205",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/41205/"
- },
- {
- "name" : "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability",
- "refsource" : "CONFIRM",
- "url" : "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability"
- },
- {
- "name" : "95457",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95457"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "41205",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/41205/"
+ },
+ {
+ "name": "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability",
+ "refsource": "CONFIRM",
+ "url": "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability"
+ },
+ {
+ "name": "95457",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95457"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5545.json b/2017/5xxx/CVE-2017-5545.json
index 5636acdb32d..c6fa8d63dbc 100644
--- a/2017/5xxx/CVE-2017-5545.json
+++ b/2017/5xxx/CVE-2017-5545.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5545",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5545",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee"
- },
- {
- "name" : "https://github.com/libimobiledevice/libplist/issues/87",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/libimobiledevice/libplist/issues/87"
- },
- {
- "name" : "95702",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95702"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee"
+ },
+ {
+ "name": "https://github.com/libimobiledevice/libplist/issues/87",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/libimobiledevice/libplist/issues/87"
+ },
+ {
+ "name": "95702",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95702"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5698.json b/2017/5xxx/CVE-2017-5698.json
index 1dfdeacf20b..dcc2c3dbcf3 100644
--- a/2017/5xxx/CVE-2017-5698.json
+++ b/2017/5xxx/CVE-2017-5698.json
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@intel.com",
- "DATE_PUBLIC" : "2017-09-28T00:00:00",
- "ID" : "CVE-2017-5698",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology",
- "version" : {
- "version_data" : [
- {
- "version_value" : "version 11.0.25.3001 and 11.0.26.3000"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Intel Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Escalation of Privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@intel.com",
+ "DATE_PUBLIC": "2017-09-28T00:00:00",
+ "ID": "CVE-2017-5698",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 11.0.25.3001 and 11.0.26.3000"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Intel Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr",
- "refsource" : "CONFIRM",
- "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr",
+ "refsource": "CONFIRM",
+ "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"
+ }
+ ]
+ }
+}
\ No newline at end of file