diff --git a/2006/0xxx/CVE-2006-0239.json b/2006/0xxx/CVE-2006-0239.json index 5cb3e3b7b4c..ae547d68099 100644 --- a/2006/0xxx/CVE-2006-0239.json +++ b/2006/0xxx/CVE-2006-0239.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060114 [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422102/100/0/threaded" - }, - { - "name" : "http://www.hackerscenter.com/archive/view.asp?id=21926", - "refsource" : "MISC", - "url" : "http://www.hackerscenter.com/archive/view.asp?id=21926" - }, - { - "name" : "16243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16243" - }, - { - "name" : "ADV-2006-0194", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0194" - }, - { - "name" : "22448", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22448" - }, - { - "name" : "18488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18488" - }, - { - "name" : "simpleblog-comment-xss(24154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0194", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0194" + }, + { + "name": "http://www.hackerscenter.com/archive/view.asp?id=21926", + "refsource": "MISC", + "url": "http://www.hackerscenter.com/archive/view.asp?id=21926" + }, + { + "name": "16243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16243" + }, + { + "name": "22448", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22448" + }, + { + "name": "simpleblog-comment-xss(24154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24154" + }, + { + "name": "20060114 [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422102/100/0/threaded" + }, + { + "name": "18488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18488" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0259.json b/2006/0xxx/CVE-2006-0259.json index d55b8bba01c..ec08c581280 100644 --- a/2006/0xxx/CVE-2006-0259.json +++ b/2006/0xxx/CVE-2006-0259.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "22544", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22544" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "22544", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22544" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0343.json b/2006/0xxx/CVE-2006-0343.json index 4c6e7b224f2..6e33d10ea3e 100644 --- a/2006/0xxx/CVE-2006-0343.json +++ b/2006/0xxx/CVE-2006-0343.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving \"invalid format data\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-027_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-027_e/index-e.html" - }, - { - "name" : "16327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16327" - }, - { - "name" : "ADV-2006-0267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0267" - }, - { - "name" : "22676", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22676" - }, - { - "name" : "1015520", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015520" - }, - { - "name" : "18538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18538" - }, - { - "name" : "hitachi-jp1netinsight-port-dos(24243)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving \"invalid format data\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16327" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS05-027_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-027_e/index-e.html" + }, + { + "name": "hitachi-jp1netinsight-port-dos(24243)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24243" + }, + { + "name": "ADV-2006-0267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0267" + }, + { + "name": "22676", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22676" + }, + { + "name": "1015520", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015520" + }, + { + "name": "18538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18538" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0570.json b/2006/0xxx/CVE-2006-0570.json index 88e7f5a6483..81a1fab55e1 100644 --- a/2006/0xxx/CVE-2006-0570.json +++ b/2006/0xxx/CVE-2006-0570.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060212 [eVuln] phpstatus Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424842/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/61/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/61/summary.html" - }, - { - "name" : "16587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16587" - }, - { - "name" : "ADV-2006-0450", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0450" - }, - { - "name" : "18791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18791" - }, - { - "name" : "427", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://evuln.com/vulns/61/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/61/summary.html" + }, + { + "name": "18791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18791" + }, + { + "name": "16587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16587" + }, + { + "name": "427", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/427" + }, + { + "name": "20060212 [eVuln] phpstatus Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424842/100/0/threaded" + }, + { + "name": "ADV-2006-0450", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0450" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0984.json b/2006/0xxx/CVE-2006-0984.json index 7090278c33e..e6e661a76d6 100644 --- a/2006/0xxx/CVE-2006-0984.json +++ b/2006/0xxx/CVE-2006-0984.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060228 EJ3 TOPo - Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426318/100/0/threaded" - }, - { - "name" : "16879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16879" - }, - { - "name" : "ADV-2006-0775", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0775" - }, - { - "name" : "23541", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23541" - }, - { - "name" : "19070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19070" - }, - { - "name" : "511", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/511" - }, - { - "name" : "topo-incheader-xss(24980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19070" + }, + { + "name": "16879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16879" + }, + { + "name": "ADV-2006-0775", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0775" + }, + { + "name": "23541", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23541" + }, + { + "name": "topo-incheader-xss(24980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24980" + }, + { + "name": "20060228 EJ3 TOPo - Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426318/100/0/threaded" + }, + { + "name": "511", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/511" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1376.json b/2006/1xxx/CVE-2006-1376.json index d2d08aba531..db76133f941 100644 --- a/2006/1xxx/CVE-2006-1376.json +++ b/2006/1xxx/CVE-2006-1376.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210" - }, - { - "name" : "19331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19331" - }, - { - "name" : "debian-cdebconf-world-writable(25526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210" + }, + { + "name": "19331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19331" + }, + { + "name": "debian-cdebconf-world-writable(25526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25526" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1992.json b/2006/1xxx/CVE-2006-1992.json index bb0f3b37dfa..0295fc604d9 100644 --- a/2006/1xxx/CVE-2006-1992.json +++ b/2006/1xxx/CVE-2006-1992.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060422 MSIE (mshtml.dll) OBJECT tag vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431796/100/0/threaded" - }, - { - "name" : "20060422 Re: MSIE (mshtml.dll) OBJECT tag vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html" - }, - { - "name" : "20060423 MSIE (mshtml.dll) OBJECT tag vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html" - }, - { - "name" : "MS06-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" - }, - { - "name" : "17658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17658" - }, - { - "name" : "ADV-2006-1507", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1507" - }, - { - "name" : "27475", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27475" - }, - { - "name" : "1016001", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016001" - }, - { - "name" : "1016291", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016291" - }, - { - "name" : "19762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19762" - }, - { - "name" : "781", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/781" - }, - { - "name" : "ie-object-memory-corruption(25978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060423 MSIE (mshtml.dll) OBJECT tag vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html" + }, + { + "name": "781", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/781" + }, + { + "name": "1016001", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016001" + }, + { + "name": "1016291", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016291" + }, + { + "name": "20060422 MSIE (mshtml.dll) OBJECT tag vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431796/100/0/threaded" + }, + { + "name": "27475", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27475" + }, + { + "name": "20060422 Re: MSIE (mshtml.dll) OBJECT tag vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html" + }, + { + "name": "ADV-2006-1507", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1507" + }, + { + "name": "MS06-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" + }, + { + "name": "19762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19762" + }, + { + "name": "ie-object-memory-corruption(25978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25978" + }, + { + "name": "17658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17658" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3220.json b/2006/3xxx/CVE-2006-3220.json index e9a04637498..0737258a59c 100644 --- a/2006/3xxx/CVE-2006-3220.json +++ b/2006/3xxx/CVE-2006-3220.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 wbb<<--v 2.2.1 \"studienplatztausch.php\" SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437115/100/100/threaded" - }, - { - "name" : "1142", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1142" - }, - { - "name" : "wbb-studienplatztausch-sql-injection(27141)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wbb-studienplatztausch-sql-injection(27141)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27141" + }, + { + "name": "1142", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1142" + }, + { + "name": "20060614 wbb<<--v 2.2.1 \"studienplatztausch.php\" SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437115/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3460.json b/2006/3xxx/CVE-2006-3460.json index e45e4992463..b8975ebfede 100644 --- a/2006/3xxx/CVE-2006-3460.json +++ b/2006/3xxx/CVE-2006-3460.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.rpath.com/browse/RPL-558", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-558" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm" - }, - { - "name" : "DSA-1137", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1137" - }, - { - "name" : "GLSA-200608-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml" - }, - { - "name" : "MDKSA-2006:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136" - }, - { - "name" : "MDKSA-2006:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137" - }, - { - "name" : "RHSA-2006:0603", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0603.html" - }, - { - "name" : "RHSA-2006:0648", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0648.html" - }, - { - "name" : "20060801-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" - }, - { - "name" : "20060901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" - }, - { - "name" : "SSA:2006-230-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600" - }, - { - "name" : "103160", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1" - }, - { - "name" : "201331", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1" - }, - { - "name" : "SUSE-SA:2006:044", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html" - }, - { - "name" : "2006-0044", - "refsource" : "TRUSTIX", - "url" : "http://lwn.net/Alerts/194228/" - }, - { - "name" : "USN-330-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-330-1" - }, - { - "name" : "19289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19289" - }, - { - "name" : "19288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19288" - }, - { - "name" : "oval:org.mitre.oval:def:11265", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265" - }, - { - "name" : "ADV-2006-3105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3105" - }, - { - "name" : "ADV-2006-3101", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3101" - }, - { - "name" : "ADV-2007-3486", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3486" - }, - { - "name" : "ADV-2007-4034", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4034" - }, - { - "name" : "1016628", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016628" - }, - { - "name" : "21370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21370" - }, - { - "name" : "21274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21274" - }, - { - "name" : "21290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21290" - }, - { - "name" : "21334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21334" - }, - { - "name" : "21392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21392" - }, - { - "name" : "21501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21501" - }, - { - "name" : "21537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21537" - }, - { - "name" : "21632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21632" - }, - { - "name" : "21598", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21598" - }, - { - "name" : "22036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22036" - }, - { - "name" : "21304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21304" - }, - { - "name" : "21319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21319" - }, - { - "name" : "21338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21338" - }, - { - "name" : "21346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21346" - }, - { - "name" : "27181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27181" - }, - { - "name" : "27222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27222" - }, - { - "name" : "27832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060801-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" + }, + { + "name": "ADV-2007-3486", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3486" + }, + { + "name": "21501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21501" + }, + { + "name": "MDKSA-2006:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136" + }, + { + "name": "21537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21537" + }, + { + "name": "21632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21632" + }, + { + "name": "GLSA-200608-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml" + }, + { + "name": "21338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21338" + }, + { + "name": "USN-330-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-330-1" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm" + }, + { + "name": "ADV-2006-3101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3101" + }, + { + "name": "1016628", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016628" + }, + { + "name": "DSA-1137", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1137" + }, + { + "name": "21370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21370" + }, + { + "name": "21598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21598" + }, + { + "name": "RHSA-2006:0648", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html" + }, + { + "name": "MDKSA-2006:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137" + }, + { + "name": "19289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19289" + }, + { + "name": "27222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27222" + }, + { + "name": "ADV-2007-4034", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4034" + }, + { + "name": "SUSE-SA:2006:044", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html" + }, + { + "name": "21290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21290" + }, + { + "name": "21274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21274" + }, + { + "name": "ADV-2006-3105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3105" + }, + { + "name": "27181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27181" + }, + { + "name": "RHSA-2006:0603", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html" + }, + { + "name": "20060901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" + }, + { + "name": "21304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21304" + }, + { + "name": "SSA:2006-230-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600" + }, + { + "name": "https://issues.rpath.com/browse/RPL-558", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-558" + }, + { + "name": "27832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27832" + }, + { + "name": "21346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21346" + }, + { + "name": "201331", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1" + }, + { + "name": "oval:org.mitre.oval:def:11265", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265" + }, + { + "name": "21319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21319" + }, + { + "name": "21392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21392" + }, + { + "name": "21334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21334" + }, + { + "name": "19288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19288" + }, + { + "name": "22036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22036" + }, + { + "name": "2006-0044", + "refsource": "TRUSTIX", + "url": "http://lwn.net/Alerts/194228/" + }, + { + "name": "103160", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3904.json b/2006/3xxx/CVE-2006-3904.json index 8ac5094ee2a..868bf0d04f3 100644 --- a/2006/3xxx/CVE-2006-3904.json +++ b/2006/3xxx/CVE-2006-3904.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://retrogod.altervista.org/etomite_061_sql.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/etomite_061_sql.html" - }, - { - "name" : "http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307", - "refsource" : "CONFIRM", - "url" : "http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307" - }, - { - "name" : "2071", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2071" - }, - { - "name" : "19150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19150" - }, - { - "name" : "ADV-2006-2961", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2961" - }, - { - "name" : "27485", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27485" - }, - { - "name" : "1016594", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016594" - }, - { - "name" : "21167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21167" - }, - { - "name" : "etomite-username-sql-injection(27943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19150" + }, + { + "name": "http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307", + "refsource": "CONFIRM", + "url": "http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307" + }, + { + "name": "21167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21167" + }, + { + "name": "ADV-2006-2961", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2961" + }, + { + "name": "2071", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2071" + }, + { + "name": "etomite-username-sql-injection(27943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943" + }, + { + "name": "27485", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27485" + }, + { + "name": "http://retrogod.altervista.org/etomite_061_sql.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/etomite_061_sql.html" + }, + { + "name": "1016594", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016594" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4449.json b/2006/4xxx/CVE-2006-4449.json index 58284ca7ec4..76ea287631c 100644 --- a/2006/4xxx/CVE-2006-4449.json +++ b/2006/4xxx/CVE-2006-4449.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060825 MyBB Html Injection ( XSS )", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444414/100/0/threaded" - }, - { - "name" : "http://www.mybboard.com/archive.php?nid=18", - "refsource" : "CONFIRM", - "url" : "http://www.mybboard.com/archive.php?nid=18" - }, - { - "name" : "19718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19718" - }, - { - "name" : "21645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21645" - }, - { - "name" : "1469", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1469" - }, - { - "name" : "mybb-attachment-xss(28587)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060825 MyBB Html Injection ( XSS )", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded" + }, + { + "name": "1469", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1469" + }, + { + "name": "21645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21645" + }, + { + "name": "19718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19718" + }, + { + "name": "mybb-attachment-xss(28587)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587" + }, + { + "name": "http://www.mybboard.com/archive.php?nid=18", + "refsource": "CONFIRM", + "url": "http://www.mybboard.com/archive.php?nid=18" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2680.json b/2010/2xxx/CVE-2010-2680.json index 8ae67a1fb7d..df9d34ccf93 100644 --- a/2010/2xxx/CVE-2010-2680.json +++ b/2010/2xxx/CVE-2010-2680.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14064", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14064" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt" - }, - { - "name" : "41163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41163" - }, - { - "name" : "jesectionfinder-view-file-include(59796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41163" + }, + { + "name": "14064", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14064" + }, + { + "name": "jesectionfinder-view-file-include(59796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59796" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2720.json b/2010/2xxx/CVE-2010-2720.json index af7a73b1b60..71f3c767eed 100644 --- a/2010/2xxx/CVE-2010-2720.json +++ b/2010/2xxx/CVE-2010-2720.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14201", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14201" - }, - { - "name" : "41341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41341" - }, - { - "name" : "65995", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65995" - }, - { - "name" : "40450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40450" - }, - { - "name" : "ADV-2010-1690", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1690" - }, - { - "name" : "phpaacms-list-sql-injection(60076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14201", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14201" + }, + { + "name": "65995", + "refsource": "OSVDB", + "url": "http://osvdb.org/65995" + }, + { + "name": "ADV-2010-1690", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1690" + }, + { + "name": "phpaacms-list-sql-injection(60076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60076" + }, + { + "name": "40450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40450" + }, + { + "name": "41341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41341" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2735.json b/2010/2xxx/CVE-2010-2735.json index 143c74ec4c4..2290f8b0eae 100644 --- a/2010/2xxx/CVE-2010-2735.json +++ b/2010/2xxx/CVE-2010-2735.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2735", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-2735", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2756.json b/2010/2xxx/CVE-2010-2756.json index e0a9a7899b8..5498f1e7496 100644 --- a/2010/2xxx/CVE-2010-2756.json +++ b/2010/2xxx/CVE-2010-2756.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.2.7/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.7/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=417048", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=417048" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=623423", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=623423" - }, - { - "name" : "FEDORA-2010-13072", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html" - }, - { - "name" : "FEDORA-2010-13086", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html" - }, - { - "name" : "FEDORA-2010-13171", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html" - }, - { - "name" : "42275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42275" - }, - { - "name" : "40892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40892" - }, - { - "name" : "41128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41128" - }, - { - "name" : "ADV-2010-2035", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2035" - }, - { - "name" : "ADV-2010-2205", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2035", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2035" + }, + { + "name": "FEDORA-2010-13072", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html" + }, + { + "name": "FEDORA-2010-13171", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html" + }, + { + "name": "40892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40892" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=623423", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=623423" + }, + { + "name": "FEDORA-2010-13086", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html" + }, + { + "name": "42275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42275" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=417048", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=417048" + }, + { + "name": "http://www.bugzilla.org/security/3.2.7/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.7/" + }, + { + "name": "41128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41128" + }, + { + "name": "ADV-2010-2205", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2205" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2770.json b/2010/2xxx/CVE-2010-2770.json index 0e277f6852c..6f8c8582f7b 100644 --- a/2010/2xxx/CVE-2010-2770.json +++ b/2010/2xxx/CVE-2010-2770.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-58.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-58.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=583520", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=583520" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:11550", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11550" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - }, - { - "name" : "mozilla-font-code-execution(61663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:11550", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11550" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=583520", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=583520" + }, + { + "name": "mozilla-font-code-execution(61663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61663" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-58.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-58.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2905.json b/2010/2xxx/CVE-2010-2905.json index c69a19dfa38..aa46b1b8a2b 100644 --- a/2010/2xxx/CVE-2010-2905.json +++ b/2010/2xxx/CVE-2010-2905.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14370", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14370" - }, - { - "name" : "41733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41733" - }, - { - "name" : "40463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40463" - }, - { - "name" : "scriptsdirectory-search-sql-injection(60073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41733" + }, + { + "name": "40463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40463" + }, + { + "name": "scriptsdirectory-search-sql-injection(60073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60073" + }, + { + "name": "14370", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14370" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3235.json b/2010/3xxx/CVE-2010-3235.json index 20d1a6cba5e..ec11229af31 100644 --- a/2010/3xxx/CVE-2010-3235.json +++ b/2010/3xxx/CVE-2010-3235.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Formula Biff Record Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7028", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Formula Biff Record Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" + }, + { + "name": "oval:org.mitre.oval:def:7028", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7028" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3249.json b/2010/3xxx/CVE-2010-3249.json index 76740f2f815..18eb6c3bb7a 100644 --- a/2010/3xxx/CVE-2010-3249.json +++ b/2010/3xxx/CVE-2010-3249.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a \"stale pointer\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=45659", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=45659" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" - }, - { - "name" : "oval:org.mitre.oval:def:12211", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a \"stale pointer\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=45659", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=45659" + }, + { + "name": "oval:org.mitre.oval:def:12211", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12211" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3578.json b/2010/3xxx/CVE-2010-3578.json index 6919087cb03..3b3184f6515 100644 --- a/2010/3xxx/CVE-2010-3578.json +++ b/2010/3xxx/CVE-2010-3578.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3756.json b/2010/3xxx/CVE-2010-3756.json index 2b1e7c28e3d..a06cbb977b3 100644 --- a/2010/3xxx/CVE-2010-3756.json +++ b/2010/3xxx/CVE-2010-3756.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100929 ZDI-10-186: IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514070/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-186/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-186/" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21443820", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21443820" - }, - { - "name" : "IC69883", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100929 ZDI-10-186: IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514070/100/0/threaded" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21443820", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21443820" + }, + { + "name": "IC69883", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-186/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-186/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4274.json b/2010/4xxx/CVE-2010-4274.json index c08863a2d27..9ae162673a1 100644 --- a/2010/4xxx/CVE-2010-4274.json +++ b/2010/4xxx/CVE-2010-4274.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IC71821", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IC71821" - }, - { - "name" : "44839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44839" - }, - { - "name" : "1024736", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024736" - }, - { - "name" : "42239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42239" - }, - { - "name" : "ADV-2010-2978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2978" - }, - { - "name" : "systems-director-resetdiragent-sec-bypass(63238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42239" + }, + { + "name": "IC71821", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IC71821" + }, + { + "name": "ADV-2010-2978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2978" + }, + { + "name": "1024736", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024736" + }, + { + "name": "44839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44839" + }, + { + "name": "systems-director-resetdiragent-sec-bypass(63238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63238" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4463.json b/2010/4xxx/CVE-2010-4463.json index 2b76a38597e..2021be3d8e2 100644 --- a/2010/4xxx/CVE-2010-4463.json +++ b/2010/4xxx/CVE-2010-4463.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:0282", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "oval:org.mitre.oval:def:12899", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12899" - }, - { - "name" : "oval:org.mitre.oval:def:13777", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13777" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "RHSA-2011:0282", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "oval:org.mitre.oval:def:12899", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12899" + }, + { + "name": "oval:org.mitre.oval:def:13777", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13777" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1070.json b/2011/1xxx/CVE-2011-1070.json index 79ee98e8bcc..89aa66869ce 100644 --- a/2011/1xxx/CVE-2011-1070.json +++ b/2011/1xxx/CVE-2011-1070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1070", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1070", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1237.json b/2011/1xxx/CVE-2011-1237.json index 1f7a083c3d7..6c4e2f1858b 100644 --- a/2011/1xxx/CVE-2011-1237.json +++ b/2011/1xxx/CVE-2011-1237.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47214" - }, - { - "name" : "71752", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71752" - }, - { - "name" : "oval:org.mitre.oval:def:12467", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12467" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var25-priv-escalation(66419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mswin-win32k-var25-priv-escalation(66419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66419" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "71752", + "refsource": "OSVDB", + "url": "http://osvdb.org/71752" + }, + { + "name": "47214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47214" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "oval:org.mitre.oval:def:12467", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12467" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1429.json b/2011/1xxx/CVE-2011-1429.json index 9cc8df0c4fa..575609e6acb 100644 --- a/2011/1xxx/CVE-2011-1429.json +++ b/2011/1xxx/CVE-2011-1429.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110308 Mutt: failure to check server certificate in SMTP TLS connection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Mar/87" - }, - { - "name" : "FEDORA-2011-7739", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html" - }, - { - "name" : "FEDORA-2011-7751", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html" - }, - { - "name" : "FEDORA-2011-7756", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html" - }, - { - "name" : "RHSA-2011:0959", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0959.html" - }, - { - "name" : "46803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46803" - }, - { - "name" : "44937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44937" - }, - { - "name" : "8143", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8143" - }, - { - "name" : "mutt-smtptls-weak-security(66015)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0959", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html" + }, + { + "name": "44937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44937" + }, + { + "name": "8143", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8143" + }, + { + "name": "mutt-smtptls-weak-security(66015)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015" + }, + { + "name": "20110308 Mutt: failure to check server certificate in SMTP TLS connection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Mar/87" + }, + { + "name": "FEDORA-2011-7751", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html" + }, + { + "name": "FEDORA-2011-7739", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html" + }, + { + "name": "FEDORA-2011-7756", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html" + }, + { + "name": "46803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46803" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1587.json b/2011/1xxx/CVE-2011-1587.json index d1a81dd79a6..4c6e202e9d8 100644 --- a/2011/1xxx/CVE-2011-1587.json +++ b/2011/1xxx/CVE-2011-1587.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20110414 MediaWiki security release 1.16.4", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html" - }, - { - "name" : "[oss-security] 20110418 Re: CVE request: mediawiki 1.16.4, incomplete fix of CVE-2011-1578", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/18/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360" - }, - { - "name" : "DSA-2366", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110418 Re: CVE request: mediawiki 1.16.4, incomplete fix of CVE-2011-1578", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/18/5" + }, + { + "name": "DSA-2366", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2366" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696360", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360" + }, + { + "name": "[mediawiki-announce] 20110414 MediaWiki security release 1.16.4", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1658.json b/2011/1xxx/CVE-2011-1658.json index 02751e5c1a8..97b0c7ab193 100644 --- a/2011/1xxx/CVE-2011-1658.json +++ b/2011/1xxx/CVE-2011-1658.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=12393", - "refsource" : "MISC", - "url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=12393" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667974", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667974" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "gnuclibrary-ldso-priv-esc(66820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=12393", + "refsource": "MISC", + "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12393" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "gnuclibrary-ldso-priv-esc(66820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66820" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667974", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667974" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1854.json b/2011/1xxx/CVE-2011-1854.json index c824cdb5c94..3973562ba4f 100644 --- a/2011/1xxx/CVE-2011-1854.json +++ b/2011/1xxx/CVE-2011-1854.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-166/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-166/" - }, - { - "name" : "HPSBGN02680", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" - }, - { - "name" : "SSRT100361", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" - }, - { - "name" : "47789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47789" - }, - { - "name" : "1025519", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN02680", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-166/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-166/" + }, + { + "name": "1025519", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025519" + }, + { + "name": "SSRT100361", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" + }, + { + "name": "47789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47789" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5006.json b/2011/5xxx/CVE-2011-5006.json index 7f7f7618819..5068ec6f8be 100644 --- a/2011/5xxx/CVE-2011-5006.json +++ b/2011/5xxx/CVE-2011-5006.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18137", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18137" - }, - { - "name" : "50739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50739" - }, - { - "name" : "77266", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77266" - }, - { - "name" : "46924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18137", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18137" + }, + { + "name": "77266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77266" + }, + { + "name": "50739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50739" + }, + { + "name": "46924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46924" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3078.json b/2014/3xxx/CVE-2014-3078.json index 529cd3f7a03..e3682dbac4c 100644 --- a/2014/3xxx/CVE-2014-3078.json +++ b/2014/3xxx/CVE-2014-3078.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3078", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3078", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3305.json b/2014/3xxx/CVE-2014-3305.json index 7a11be5e0f6..7eb7e5e551b 100644 --- a/2014/3xxx/CVE-2014-3305.json +++ b/2014/3xxx/CVE-2014-3305.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35051", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35051" - }, - { - "name" : "20140725 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305" - }, - { - "name" : "68903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68903" - }, - { - "name" : "1030644", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030644" - }, - { - "name" : "cisco-webex-cve20143305-csrf(94894)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-webex-cve20143305-csrf(94894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94894" + }, + { + "name": "68903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68903" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35051", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35051" + }, + { + "name": "20140725 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305" + }, + { + "name": "1030644", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030644" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3319.json b/2014/3xxx/CVE-2014-3319.json index fa95887b4f3..7db6ccefcab 100644 --- a/2014/3xxx/CVE-2014-3319.json +++ b/2014/3xxx/CVE-2014-3319.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909" - }, - { - "name" : "20140710 Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319" - }, - { - "name" : "1030554", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030554" - }, - { - "name" : "59734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59734" - }, - { - "name" : "cucm-cve20143319-dir-trav(94436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909" + }, + { + "name": "1030554", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030554" + }, + { + "name": "59734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59734" + }, + { + "name": "20140710 Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319" + }, + { + "name": "cucm-cve20143319-dir-trav(94436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3349.json b/2014/3xxx/CVE-2014-3349.json index 9d4df320262..9b259a61dda 100644 --- a/2014/3xxx/CVE-2014-3349.json +++ b/2014/3xxx/CVE-2014-3349.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140828 Cisco Intelligent Automation for Cloud Arbitrary File Upload", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3349" - }, - { - "name" : "69455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69455" - }, - { - "name" : "1030783", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030783" - }, - { - "name" : "cisco-iac-cve20143349-file-upload(95586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140828 Cisco Intelligent Automation for Cloud Arbitrary File Upload", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3349" + }, + { + "name": "1030783", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030783" + }, + { + "name": "cisco-iac-cve20143349-file-upload(95586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95586" + }, + { + "name": "69455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69455" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3829.json b/2014/3xxx/CVE-2014-3829.json index 96e1e548e1d..700ef2c9713 100644 --- a/2014/3xxx/CVE-2014-3829.json +++ b/2014/3xxx/CVE-2014-3829.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/78" - }, - { - "name" : "VU#298796", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/298796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/78" + }, + { + "name": "VU#298796", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/298796" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7508.json b/2014/7xxx/CVE-2014-7508.json index 7762a91a5c5..c6cefd8c675 100644 --- a/2014/7xxx/CVE-2014-7508.json +++ b/2014/7xxx/CVE-2014-7508.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#856617", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/856617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#856617", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/856617" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7639.json b/2014/7xxx/CVE-2014-7639.json index ff3a3bb8734..902bdabcd1d 100644 --- a/2014/7xxx/CVE-2014-7639.json +++ b/2014/7xxx/CVE-2014-7639.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7639", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7639", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7755.json b/2014/7xxx/CVE-2014-7755.json index 92618b68d0a..5ff71a9d53c 100644 --- a/2014/7xxx/CVE-2014-7755.json +++ b/2014/7xxx/CVE-2014-7755.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#442049", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/442049" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#442049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/442049" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8257.json b/2014/8xxx/CVE-2014-8257.json index 56df038c7bd..ee88ab9d301 100644 --- a/2014/8xxx/CVE-2014-8257.json +++ b/2014/8xxx/CVE-2014-8257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8561.json b/2014/8xxx/CVE-2014-8561.json index f4cb3b05e75..8988d6e1fdd 100644 --- a/2014/8xxx/CVE-2014-8561.json +++ b/2014/8xxx/CVE-2014-8561.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8561", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8561", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9438.json b/2014/9xxx/CVE-2014-9438.json index 022fcf82097..92c659f8eff 100644 --- a/2014/9xxx/CVE-2014-9438.json +++ b/2014/9xxx/CVE-2014-9438.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html" - }, - { - "name" : "https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst", - "refsource" : "MISC", - "url" : "https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst" - }, - { - "name" : "vbulletin-banning-csrf(99472)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vbulletin-banning-csrf(99472)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99472" + }, + { + "name": "http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html" + }, + { + "name": "https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst", + "refsource": "MISC", + "url": "https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9524.json b/2014/9xxx/CVE-2014-9524.json index 3284bc39df8..d8815869d50 100644 --- a/2014/9xxx/CVE-2014-9524.json +++ b/2014/9xxx/CVE-2014-9524.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129506/WordPress-Facebook-Like-Box-2.8.2-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129506/WordPress-Facebook-Like-Box-2.8.2-CSRF-XSS.html" - }, - { - "name" : "https://wordpress.org/plugins/cardoza-facebook-like-box/changelog/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/cardoza-facebook-like-box/changelog/" - }, - { - "name" : "61557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/cardoza-facebook-like-box/changelog/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/cardoza-facebook-like-box/changelog/" + }, + { + "name": "61557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61557" + }, + { + "name": "http://packetstormsecurity.com/files/129506/WordPress-Facebook-Like-Box-2.8.2-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129506/WordPress-Facebook-Like-Box-2.8.2-CSRF-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2070.json b/2016/2xxx/CVE-2016-2070.json index c956dc33b35..c7051404c8c 100644 --- a/2016/2xxx/CVE-2016-2070.json +++ b/2016/2xxx/CVE-2016-2070.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160125 Linux potential division by zero in TCP code", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/25/5" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1302219", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1302219" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8b8a321ff72c785ed5e8b4cf6eda20b35d427390", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8b8a321ff72c785ed5e8b4cf6eda20b35d427390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160125 Linux potential division by zero in TCP code", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/25/5" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5" + }, + { + "name": "https://github.com/torvalds/linux/commit/8b8a321ff72c785ed5e8b4cf6eda20b35d427390", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8b8a321ff72c785ed5e8b4cf6eda20b35d427390" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302219", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302219" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2440.json b/2016/2xxx/CVE-2016-2440.json index 460ac70705b..61f5f82ac68 100644 --- a/2016/2xxx/CVE-2016-2440.json +++ b/2016/2xxx/CVE-2016-2440.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2468.json b/2016/2xxx/CVE-2016-2468.json index a4a3829d978..1468cc9a47a 100644 --- a/2016/2xxx/CVE-2016-2468.json +++ b/2016/2xxx/CVE-2016-2468.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2828.json b/2016/2xxx/CVE-2016-2828.json index 05cac729f23..b0df4e7b395 100644 --- a/2016/2xxx/CVE-2016-2828.json +++ b/2016/2xxx/CVE-2016-2828.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-56.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-56.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1223810", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1223810" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3600", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3600" - }, - { - "name" : "RHSA-2016:1217", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1217" - }, - { - "name" : "openSUSE-SU-2016:1552", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1557", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:1691", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" - }, - { - "name" : "USN-2993-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2993-1" - }, - { - "name" : "91075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91075" - }, - { - "name" : "1036057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036057" + }, + { + "name": "RHSA-2016:1217", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1217" + }, + { + "name": "openSUSE-SU-2016:1557", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-56.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-56.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "openSUSE-SU-2016:1552", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" + }, + { + "name": "USN-2993-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2993-1" + }, + { + "name": "SUSE-SU-2016:1691", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1223810", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1223810" + }, + { + "name": "91075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91075" + }, + { + "name": "DSA-3600", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3600" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6081.json b/2016/6xxx/CVE-2016-6081.json index 2139e977ae3..624a2e655af 100644 --- a/2016/6xxx/CVE-2016-6081.json +++ b/2016/6xxx/CVE-2016-6081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6081", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6081", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6231.json b/2016/6xxx/CVE-2016-6231.json index 9fe6410d012..19e686d2d3f 100644 --- a/2016/6xxx/CVE-2016-6231.json +++ b/2016/6xxx/CVE-2016-6231.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160801 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539071/100/0/threaded" - }, - { - "name" : "20160805 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/30" - }, - { - "name" : "http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html", - "refsource" : "MISC", - "url" : "http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html" - }, - { - "name" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#280716", - "refsource" : "CONFIRM", - "url" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#280716" - }, - { - "name" : "92200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html", + "refsource": "MISC", + "url": "http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html" + }, + { + "name": "92200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92200" + }, + { + "name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#280716", + "refsource": "CONFIRM", + "url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#280716" + }, + { + "name": "20160801 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539071/100/0/threaded" + }, + { + "name": "20160805 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/30" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6537.json b/2016/6xxx/CVE-2016-6537.json index 41ec5b929b7..35948f94301 100644 --- a/2016/6xxx/CVE-2016-6537.json +++ b/2016/6xxx/CVE-2016-6537.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#667480", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/667480" - }, - { - "name" : "92936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#667480", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/667480" + }, + { + "name": "92936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92936" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6579.json b/2016/6xxx/CVE-2016-6579.json index a3ce3aaa664..a6909d8d0aa 100644 --- a/2016/6xxx/CVE-2016-6579.json +++ b/2016/6xxx/CVE-2016-6579.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6579", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-6579", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6729.json b/2016/6xxx/CVE-2016-6729.json index 7d9de12800f..9d1d270fe15 100644 --- a/2016/6xxx/CVE-2016-6729.json +++ b/2016/6xxx/CVE-2016-6729.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "94203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94203" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5088.json b/2017/5xxx/CVE-2017-5088.json index 607dbe13d48..717c3af1af0 100644 --- a/2017/5xxx/CVE-2017-5088.json +++ b/2017/5xxx/CVE-2017-5088.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient Validation of Untrusted Input" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html" - }, - { - "name" : "https://crbug.com/729991", - "refsource" : "MISC", - "url" : "https://crbug.com/729991" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1495", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1495" - }, - { - "name" : "99096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99096" - }, - { - "name" : "1038765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Validation of Untrusted Input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038765" + }, + { + "name": "https://crbug.com/729991", + "refsource": "MISC", + "url": "https://crbug.com/729991" + }, + { + "name": "99096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99096" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "RHSA-2017:1495", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1495" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5183.json b/2017/5xxx/CVE-2017-5183.json index 7516c63842b..0e9d7b14a58 100644 --- a/2017/5xxx/CVE-2017-5183.json +++ b/2017/5xxx/CVE-2017-5183.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2017-5183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Server", - "version" : { - "version_data" : [ - { - "version_value" : "Identity Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SAML2 mishandling" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2017-5183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Server", + "version": { + "version_data": [ + { + "version_value": "Identity Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7018509", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7018509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SAML2 mishandling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7018509", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7018509" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5761.json b/2017/5xxx/CVE-2017-5761.json index edeee28f133..a0f59d1246b 100644 --- a/2017/5xxx/CVE-2017-5761.json +++ b/2017/5xxx/CVE-2017-5761.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5761", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5761", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5902.json b/2017/5xxx/CVE-2017-5902.json index 81e8d627bb8..c95ba2823ee 100644 --- a/2017/5xxx/CVE-2017-5902.json +++ b/2017/5xxx/CVE-2017-5902.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file