diff --git a/2006/1xxx/CVE-2006-1141.json b/2006/1xxx/CVE-2006-1141.json
index 677c12f261d..b44bfea70cc 100644
--- a/2006/1xxx/CVE-2006-1141.json
+++ b/2006/1xxx/CVE-2006-1141.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/qmailadmin/qmailadmin/qmailadmin.c?r1=1.6.2.10&r2=1.6.2.11", - "refsource" : "MISC", - "url" : "http://cvs.sourceforge.net/viewcvs.py/qmailadmin/qmailadmin/qmailadmin.c?r1=1.6.2.10&r2=1.6.2.11" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=6691&release_id=395211", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=6691&release_id=395211" - }, - { - "name" : "GLSA-200611-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-15.xml" - }, - { - "name" : "16994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16994" - }, - { - "name" : "ADV-2006-0852", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/0852" - }, - { - "name" : "23705", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23705" - }, - { - "name" : "19262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19262" - }, - { - "name" : "23019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23019" - }, - { - "name" : "qmialadmin-qmailadmin-bo(25065)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=6691&release_id=395211", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=6691&release_id=395211" + }, + { + "name": "qmialadmin-qmailadmin-bo(25065)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25065" + }, + { + "name": "GLSA-200611-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-15.xml" + }, + { + "name": "23705", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23705" + }, + { + "name": "23019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23019" + }, + { + "name": "19262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19262" + }, + { + "name": "16994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16994" + }, + { + "name": "ADV-2006-0852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0852" + 
}, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/qmailadmin/qmailadmin/qmailadmin.c?r1=1.6.2.10&r2=1.6.2.11", + "refsource": "MISC", + "url": "http://cvs.sourceforge.net/viewcvs.py/qmailadmin/qmailadmin/qmailadmin.c?r1=1.6.2.10&r2=1.6.2.11" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1173.json b/2006/1xxx/CVE-2006-1173.json index 8a56fe89fbf..74817902f17 100644 --- a/2006/1xxx/CVE-2006-1173.json +++ b/2006/1xxx/CVE-2006-1173.json 
@@ -1,347 +1,347 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2006-1173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060620 Sendmail MIME DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437928/100/0/threaded" - }, - { - "name" : "20060621 Re: Sendmail MIME DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438241/100/0/threaded" - }, - { - "name" : "20060624 Re: Sendmail MIME DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438330/100/0/threaded" - }, - { - "name" : "20060721 rPSA-2006-0134-1 sendmail sendmail-cf", - "refsource" : "BUGTRAQ", - 
"url" : "http://www.securityfocus.com/archive/1/440744/100/0/threaded" - }, - { - "name" : "http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc", - "refsource" : "CONFIRM", - "url" : "http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc" - }, - { - "name" : "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html" - }, - { - "name" : "http://www.f-secure.com/security/fsc-2006-5.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2006-5.shtml" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-526", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-526" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm" - }, - { - "name" : "IY85415", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only" - }, - { - "name" : "IY85930", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only" - }, - { - "name" : "DSA-1155", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1155" - }, - { - "name" : "FreeBSD-SA-06:17.sendmail", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc" - }, - { - "name" : "GLSA-200606-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml" - }, - { - "name" : "HPSBTU02116", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635" - }, - { - "name" : "SSRT061135", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635" - }, - { - "name" : "HPSBUX02124", - "refsource" : "HP", - "url" : 
"http://www.securityfocus.com/archive/1/442939/100/0/threaded" - }, - { - "name" : "SSRT061159", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/442939/100/0/threaded" - }, - { - "name" : "MDKSA-2006:104", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:104" - }, - { - "name" : "[3.8] 008: SECURITY FIX: June 15, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata38.html#sendmail2" - }, - { - "name" : "RHSA-2006:0515", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0515.html" - }, - { - "name" : "20060601-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P" - }, - { - "name" : "20060602-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" - }, - { - "name" : "SSA:2006-166-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382" - }, - { - "name" : "102460", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1" - }, - { - "name" : "SUSE-SA:2006:032", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html" - }, - { - "name" : "VU#146718", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/146718" - }, - { - "name" : "18433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18433" - }, - { - "name" : "oval:org.mitre.oval:def:11253", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253" - }, - { - "name" : "ADV-2006-2189", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2189" - }, - { - "name" : "ADV-2006-2351", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2351" - }, - { - "name" : "ADV-2006-2388", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2388" - }, - { - "name" : "ADV-2006-2389", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2389" - }, - { - "name" : "ADV-2006-2390", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2390" - }, - { - "name" : "ADV-2006-2798", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2798" - }, - { - "name" : "ADV-2006-3135", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3135" - }, - { - "name" : "26197", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26197" - }, - { - "name" : "1016295", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016295" - }, - { - "name" : "15779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15779" - }, - { - "name" : "20473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20473" - }, - { - "name" : "20641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20641" - }, - { - "name" : "20650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20650" - }, - { - "name" : "20651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20651" - }, - { - "name" : "20654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20654" - }, - { - "name" : "20673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20673" - }, - { - "name" : "20675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20675" - }, - { - "name" : "20679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20679" - }, - { - "name" : "20683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20683" - }, - { - "name" : "20684", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20684" - }, - { - "name" : "20694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20694" - }, - { - "name" : "20726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20726" - }, - { - "name" : "20782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20782" - }, - { - "name" : "21042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21042" - }, - { - "name" : "21160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21160" - }, - { - "name" : "21327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21327" - }, - { - "name" : "21612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21612" - }, - { - "name" : "21647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21647" - }, - { - "name" : "sendmail-multipart-mime-dos(27128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY85415", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only" + }, + { + "name": "HPSBTU02116", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635" + }, + { + "name": "DSA-1155", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1155" + }, + { + "name": "[3.8] 008: SECURITY FIX: June 15, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata38.html#sendmail2" + }, + { + "name": "20684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20684" + }, + { + "name": "HPSBUX02124", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/442939/100/0/threaded" + }, + { + "name": "ADV-2006-2388", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2388" + }, + { + "name": "20726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20726" + }, + { + "name": "oval:org.mitre.oval:def:11253", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253" + }, + { + "name": "ADV-2006-2351", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2351" + }, + { + "name": "21327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21327" + }, + { + "name": "RHSA-2006:0515", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0515.html" + }, + { + "name": "ADV-2006-2389", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2389" + }, + { + "name": "21647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21647" + }, + { + "name": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html", + "refsource": 
"CONFIRM", + "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-526", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-526" + }, + { + "name": "20651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20651" + }, + { + "name": "20683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20683" + }, + { + "name": "20650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20650" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm" + }, + { + "name": "20782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20782" + }, + { + "name": "ADV-2006-3135", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3135" + }, + { + "name": "1016295", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016295" + }, + { + "name": "20694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20694" + }, + { + "name": "20473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20473" + }, + { + "name": "ADV-2006-2189", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2189" + }, + { + "name": "20060721 rPSA-2006-0134-1 sendmail sendmail-cf", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440744/100/0/threaded" + }, + { + "name": "20060601-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P" + }, + { + "name": "ADV-2006-2798", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2798" + }, + { + "name": "102460", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1" + }, + { + "name": 
"http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc", + "refsource": "CONFIRM", + "url": "http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc" + }, + { + "name": "20060602-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" + }, + { + "name": "MDKSA-2006:104", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:104" + }, + { + "name": "sendmail-multipart-mime-dos(27128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27128" + }, + { + "name": "20673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20673" + }, + { + "name": "http://www.f-secure.com/security/fsc-2006-5.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2006-5.shtml" + }, + { + "name": "20060621 Re: Sendmail MIME DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438241/100/0/threaded" + }, + { + "name": "21612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21612" + }, + { + "name": "20654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20654" + }, + { + "name": "ADV-2006-2390", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2390" + }, + { + "name": "SSA:2006-166-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382" + }, + { + "name": "GLSA-200606-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml" + }, + { + "name": "18433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18433" + }, + { + "name": "20675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20675" + }, + { + "name": "SUSE-SA:2006:032", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html" + 
}, + { + "name": "FreeBSD-SA-06:17.sendmail", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc" + }, + { + "name": "20060620 Sendmail MIME DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437928/100/0/threaded" + }, + { + "name": "SSRT061159", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/442939/100/0/threaded" + }, + { + "name": "VU#146718", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/146718" + }, + { + "name": "SSRT061135", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635" + }, + { + "name": "15779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15779" + }, + { + "name": "20641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20641" + }, + { + "name": "20679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20679" + }, + { + "name": "26197", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26197" + }, + { + "name": "21042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21042" + }, + { + "name": "21160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21160" + }, + { + "name": "IY85930", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only" + }, + { + "name": "20060624 Re: Sendmail MIME DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438330/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1508.json b/2006/1xxx/CVE-2006-1508.json index 1ab4c2a5c3d..5c205831c70 100644 --- a/2006/1xxx/CVE-2006-1508.json +++ b/2006/1xxx/CVE-2006-1508.json 
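Review bot: The `ASSIGNER` value for CVE-2006-1173 changes from `cve@mitre.org` to `cert@cert.org` near the top of this hunk, while the other changes visible in it are colon spacing and a reshuffle of the `reference_data` entries. Because the hunk rewrites the whole file (`@@ -1,347 +1,347 @@`), this one provenance change is easy to miss among the formatting noise. It would be better carried in its own commit, or at least named in the commit message, so that consumers who attribute or filter records by assigner can tell the new `"ASSIGNER": "cert@cert.org"` is intentional. The reference set appears to be the same entries in a different order, but that is hard to confirm from a full-file rewrite. Emitting `reference_data` in a stable order and keeping the trailing newline (the new side ends with `\ No newline at end of file`) would keep later diffs of these records reviewable.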
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html" - }, - { - "name" : "17287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17287" - }, - { - "name" : "ADV-2006-1125", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1125" - }, - { - "name" : "24181", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24181" - }, - { - "name" : "24182", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24182" - }, - { - "name" : "24183", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24183" - }, - { - "name" : "24184", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24184" - }, - { - "name" : "24185", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24185" - }, - { - "name" : "19434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19434" - }, - { - "name" : "connectdailywebcalendar-multiple-xss(25474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to 
inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html" + }, + { + "name": "24184", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24184" + }, + { + "name": "24185", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24185" + }, + { + "name": "19434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19434" + }, + { + "name": "connectdailywebcalendar-multiple-xss(25474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25474" + }, + { + "name": "ADV-2006-1125", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1125" + }, + { + "name": "24183", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24183" + }, + { + "name": "24181", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24181" + }, + { + "name": "24182", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24182" + }, + { + "name": "17287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17287" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1781.json b/2006/1xxx/CVE-2006-1781.json index b4d9dc5829b..4bda4fbe758 100644 --- a/2006/1xxx/CVE-2006-1781.json +++ b/2006/1xxx/CVE-2006-1781.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later reported that 1.4.2 and earlier are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3530", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3530" - }, - { - "name" : "http://pridels0.blogspot.com/2006/04/monstertoplist.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/monstertoplist.html" - }, - { - "name" : "17546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17546" - }, - { - "name" : "23074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23074" - }, - { - "name" : "ADV-2006-1350", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1350" - }, - { - "name" : "24650", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/24650" - }, - { - "name" : "19688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19688" - }, - { - "name" : "monstertoplist-functions-file-include(25774)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later reported that 1.4.2 and earlier are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3530", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3530" + }, + { + "name": "19688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19688" + }, + { + "name": "monstertoplist-functions-file-include(25774)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25774" + }, + { + "name": "ADV-2006-1350", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1350" + }, + { + "name": "17546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17546" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/monstertoplist.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/monstertoplist.html" + }, + { + "name": "23074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23074" + }, + { + "name": "24650", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24650" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5328.json b/2006/5xxx/CVE-2006-5328.json index e624a5d9211..b419425789e 100644 
--- a/2006/5xxx/CVE-2006-5328.json
+++ b/2006/5xxx/CVE-2006-5328.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitalmunition.com/DMA[2006-1016a].txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA[2006-1016a].txt" - }, - { - "name" : "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl" - }, - { - "name" : "APPLE-SA-2007-10-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html" - }, - { - "name" : "20562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20562" - }, - { - "name" : "ADV-2007-3665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3665" - }, - { - "name" : "1018872", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018872" - }, - { - "name" : "22390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22390" - }, - { - "name" : "27441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22390" + }, + { + "name": "27441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27441" + }, + { + "name": "ADV-2007-3665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3665" + }, + { + "name": "1018872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018872" + }, + { + "name": "APPLE-SA-2007-10-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html" + }, + { + "name": "20562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20562" + }, + { + "name": "http://www.digitalmunition.com/DMA[2006-1016a].txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA[2006-1016a].txt" + }, + { + "name": "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl" + } + ] + } +} \ No newline at end of file 
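Review bot: The description on the new side still reads `Apple Xcode 2.2 2.2 and earlier`, carrying the doubled version token over unchanged from the old side. Because `affects` holds only `n/a` for vendor, product and version, the description is the only place in this record that states the affected range, and tooling that extracts versions from it may mis-parse the phrase. If the duplicate is an entry error, the value should read `as used in Apple Xcode 2.2 and earlier`; confirm against the `APPLE-SA-2007-10-30` reference before changing it.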
diff --git a/2006/5xxx/CVE-2006-5363.json b/2006/5xxx/CVE-2006-5363.json index 9af5946d971..6dcaf1950ff 100644 --- a/2006/5xxx/CVE-2006-5363.json +++ b/2006/5xxx/CVE-2006-5363.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5489.json b/2006/5xxx/CVE-2006-5489.json index 65a84a80324..25f58cd46dd 100644 --- a/2006/5xxx/CVE-2006-5489.json +++ b/2006/5xxx/CVE-2006-5489.json 
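Review bot: The rewritten `reference_data` array follows no evident sort key and separates the two HP entries `HPSBMA02133` and `SSRT061201`, which share one URL and were adjacent on the old side. Without a stable order (for example by `refsource`, then `name`), the next regeneration can shuffle the list again and bury real reference changes in noise. The new side also ends with `\ No newline at end of file`, so the file loses the trailing newline it had before. Both points apply equally to the other file sections in this diff, CVE-2006-5328 through CVE-2010-0401.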
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's calendar meeting time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/4.1.2_HF1_Release_Notes?func=doc.Fetch&nodeId=1276788", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/4.1.2_HF1_Release_Notes?func=doc.Fetch&nodeId=1276788" - }, - { - "name" : "ADV-2006-4133", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4133" - }, - { - "name" : "29897", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29897" - }, - { - "name" : "1017101", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017101" - }, - { - "name" : "22408", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22408" - }, - { - "name" : "blackberry-unspecified-dos(29678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's calendar meeting time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29897", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29897" + }, + { + "name": "blackberry-unspecified-dos(29678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29678" + }, + { + "name": "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/4.1.2_HF1_Release_Notes?func=doc.Fetch&nodeId=1276788", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/4.1.2_HF1_Release_Notes?func=doc.Fetch&nodeId=1276788" + }, + { + "name": "1017101", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017101" + }, + { + "name": "ADV-2006-4133", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4133" + }, + { + "name": "22408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22408" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5717.json b/2006/5xxx/CVE-2006-5717.json index 9ecc90ec3ad..b834fadcbf3 100644 --- a/2006/5xxx/CVE-2006-5717.json +++ b/2006/5xxx/CVE-2006-5717.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061101 Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450245/100/0/threaded" - }, - { - "name" : "http://www.armorize.com/resources/vulnerability.php?Keyword=Armorize-ADV-2006-0008", - "refsource" : "MISC", - "url" : "http://www.armorize.com/resources/vulnerability.php?Keyword=Armorize-ADV-2006-0008" - }, - { - "name" : "20851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20851" - }, - { - "name" : "1815", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1815" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061101 Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450245/100/0/threaded" + }, + { + "name": "20851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20851" + }, + { + "name": "http://www.armorize.com/resources/vulnerability.php?Keyword=Armorize-ADV-2006-0008", + "refsource": "MISC", + "url": "http://www.armorize.com/resources/vulnerability.php?Keyword=Armorize-ADV-2006-0008" + }, + { + "name": "1815", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1815" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2484.json b/2007/2xxx/CVE-2007-2484.json index 03d720153cf..bf2e5ef1074 100644 --- a/2007/2xxx/CVE-2007-2484.json +++ b/2007/2xxx/CVE-2007-2484.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070502 [ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (wpPATH) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467363/100/0/threaded" - }, - { - "name" : "3824", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3824" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv82-K-159-2007.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv82-K-159-2007.txt" - }, - { - "name" : "http://alexrabe.boelinger.com/", - "refsource" : "CONFIRM", - "url" : "http://alexrabe.boelinger.com/" - }, - { - "name" : "34357", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/34357" - }, - { - "name" : "ADV-2007-1614", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1614" - }, - { - "name" : "25063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25063" - }, - { - "name" : "wptable-button-file-include(33989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3824", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3824" + }, + { + "name": "25063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25063" + }, + { + "name": "34357", + "refsource": "OSVDB", + "url": "http://osvdb.org/34357" + }, + { + "name": "20070502 [ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (wpPATH) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467363/100/0/threaded" + }, + { + "name": "wptable-button-file-include(33989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33989" + }, + { + "name": "http://alexrabe.boelinger.com/", + "refsource": "CONFIRM", + "url": "http://alexrabe.boelinger.com/" + }, + { + "name": "ADV-2007-1614", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1614" + }, + { + "name": "http://advisories.echo.or.id/adv/adv82-K-159-2007.txt", + "refsource": 
"MISC", + "url": "http://advisories.echo.or.id/adv/adv82-K-159-2007.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2573.json b/2007/2xxx/CVE-2007-2573.json index 084f3717650..9b1e46c4b85 100644 --- a/2007/2xxx/CVE-2007-2573.json +++ b/2007/2xxx/CVE-2007-2573.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3860", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3860" - }, - { - "name" : "ADV-2007-1675", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1675" - }, - { - "name" : "35819", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35819" - }, - { - "name" : "25174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25174" - }, - { - "name" : "phptree-cms2-file-include(34106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion 
vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phptree-cms2-file-include(34106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34106" + }, + { + "name": "3860", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3860" + }, + { + "name": "25174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25174" + }, + { + "name": "ADV-2007-1675", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1675" + }, + { + "name": "35819", + "refsource": "OSVDB", + "url": "http://osvdb.org/35819" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2655.json b/2007/2xxx/CVE-2007-2655.json index 9ab0e0e6f68..2a6819a3fea 100644 --- a/2007/2xxx/CVE-2007-2655.json +++ b/2007/2xxx/CVE-2007-2655.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.netwinsite.com/surgemail/help/updates.htm", - "refsource" : "CONFIRM", - "url" : "http://www.netwinsite.com/surgemail/help/updates.htm" - }, - { - "name" : "23908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23908" - }, - { - "name" : "ADV-2007-1755", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1755" - }, - { - "name" : "35891", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35891" - }, - { - "name" : "25207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25207" - }, - { - "name" : "surgemail-unspecified-security-bypass(34217)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "surgemail-unspecified-security-bypass(34217)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217" + }, + { + "name": "35891", + "refsource": "OSVDB", + "url": "http://osvdb.org/35891" + }, + { + "name": "ADV-2007-1755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1755" + }, + { + "name": "http://www.netwinsite.com/surgemail/help/updates.htm", + "refsource": "CONFIRM", + "url": "http://www.netwinsite.com/surgemail/help/updates.htm" + }, + { + "name": "23908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23908" + }, + { + "name": "25207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25207" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0116.json b/2010/0xxx/CVE-2010-0116.json index 5d5502e61bd..87058b583ed 100644 --- a/2010/0xxx/CVE-2010-0116.json +++ b/2010/0xxx/CVE-2010-0116.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2010-3/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-3/" - }, - { - "name" : "http://service.real.com/realplayer/security/08262010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/08262010_player/en/" - }, - { - "name" : "oval:org.mitre.oval:def:7326", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7326" - }, - { - "name" : "1024370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024370" - }, - { - "name" : "41096", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/41096" - }, - { - "name" : "41154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41154" - }, - { - "name" : "ADV-2010-2216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2216" - }, - { - "name" : "realplayer-qcp-bo(61420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2216" + }, + { + "name": "41096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41096" + }, + { + "name": "realplayer-qcp-bo(61420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61420" + }, + { + "name": "oval:org.mitre.oval:def:7326", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7326" + }, + { + "name": "http://service.real.com/realplayer/security/08262010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/08262010_player/en/" + }, + { + "name": "1024370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024370" + }, + { + "name": "41154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41154" + }, + { + "name": "http://secunia.com/secunia_research/2010-3/", + 
"refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-3/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0401.json b/2010/0xxx/CVE-2010-0401.json index 25f48dc93d9..7f2c2b3f480 100644 --- a/2010/0xxx/CVE-2010-0401.json +++ b/2010/0xxx/CVE-2010-0401.json 
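Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com`, which is the only non-cosmetic change in this hunk and is easy to miss among the whitespace and reference-order changes around it. Consumers that group or filter records by assigner will re-attribute CVE-2010-0116 once this lands, so the reattribution would be better made in its own commit or called out in the commit message. The `MISC` reference to `http://secunia.com/secunia_research/2010-3/` suggests the new assigner is intended, but nothing visible in the hunk states it.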
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.openttd.org/task/3754", - "refsource" : "CONFIRM", - "url" : "http://bugs.openttd.org/task/3754" - }, - { - "name" : "http://security.openttd.org/en/CVE-2010-0401", - "refsource" : "CONFIRM", - "url" : "http://security.openttd.org/en/CVE-2010-0401" - }, - { - "name" : "39669", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server 
password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.openttd.org/en/CVE-2010-0401", + "refsource": "CONFIRM", + "url": "http://security.openttd.org/en/CVE-2010-0401" + }, + { + "name": "39669", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39669" + }, + { + "name": "http://bugs.openttd.org/task/3754", + "refsource": "CONFIRM", + "url": "http://bugs.openttd.org/task/3754" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0433.json b/2010/0xxx/CVE-2010-0433.json index 42edf4d8c35..b0e349c9f59 100644 --- a/2010/0xxx/CVE-2010-0433.json +++ b/2010/0xxx/CVE-2010-0433.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/dovecot@dovecot.org/msg26224.html" - }, - { - "name" : "[oss-security] 20100303 OpenSSL (with KRB5) 
remote crash - CVE-2010-0433", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/03/03/5" - }, - { - "name" : "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released", - "refsource" : "MLIST", - "url" : "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html" - }, - { - "name" : "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released", - "refsource" : "MLIST", - "url" : "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html" - }, - { - "name" : "http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7" - }, - { - "name" : "http://cvs.openssl.org/chngview?cn=19374", - "refsource" : "CONFIRM", - "url" : "http://cvs.openssl.org/chngview?cn=19374" - }, - { - "name" : "http://www.openssl.org/news/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/changelog.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=567711", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=567711" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=569774", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=569774" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc" - }, - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA50", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA50" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "FEDORA-2010-5744", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html" - }, - { - "name" : "FEDORA-2010-5357", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" - }, - { - "name" : "HPSBUX02517", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127128920008563&w=2" - }, - { - "name" : "HPSBUX02531", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557640302499&w=2" - }, - { - "name" : "SSRT100058", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127128920008563&w=2" - }, - { - "name" : "SSRT100108", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557640302499&w=2" - }, - { - "name" : "MDVSA-2010:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" - }, - { - "name" : "oval:org.mitre.oval:def:9856", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856" - }, - { - "name" : "oval:org.mitre.oval:def:12260", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260" - }, - { - "name" : "oval:org.mitre.oval:def:6718", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718" - }, - { - "name" : "39461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39461" - }, - { - "name" : "39932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39932" - }, - { - "name" : "42724", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/42724" - }, - { - "name" : "42733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42733" - }, - { - "name" : "43311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43311" - }, - { - "name" : "ADV-2010-0839", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0839" - }, - { - "name" : "ADV-2010-0933", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0933" - }, - { - "name" : "ADV-2010-0916", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0916" - }, - { - "name" : "ADV-2010-1216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0916", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0916" + }, + { + "name": "42724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42724" + }, + { + "name": "39461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39461" + }, + { + "name": "oval:org.mitre.oval:def:9856", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=569774", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=569774" + }, + { + "name": "FEDORA-2010-5357", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" + }, + { + "name": "HPSBUX02531", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557640302499&w=2" + }, + { + "name": "oval:org.mitre.oval:def:12260", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260" + }, + { + "name": "[oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/03/5" + }, + { + "name": "[dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/dovecot@dovecot.org/msg26224.html" + }, + { + "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released", + "refsource": "MLIST", + "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=567711", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=567711" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "ADV-2010-0839", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0839" + }, + { + "name": "http://cvs.openssl.org/chngview?cn=19374", + "refsource": "CONFIRM", + "url": "http://cvs.openssl.org/chngview?cn=19374" + }, + { + "name": "SSRT100108", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557640302499&w=2" + }, + { + "name": "MDVSA-2010:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" + }, + { + "name": "HPSBUX02517", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2" + }, + { + "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released", + "refsource": "MLIST", + "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html" + }, + { + "name": "39932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39932" + }, + { + "name": "http://www.openssl.org/news/changelog.html", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/changelog.html" + }, + { + "name": "ADV-2010-0933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0933" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "SSRT100058", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA50", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA50" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component 
updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "43311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43311" + }, + { + "name": "ADV-2010-1216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1216" + }, + { + "name": "oval:org.mitre.oval:def:6718", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718" + }, + { + "name": "42733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42733" + }, + { + "name": "FEDORA-2010-5744", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc" + }, + { + "name": "http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7", + "refsource": "MISC", + "url": "http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0924.json b/2010/0xxx/CVE-2010-0924.json index d4231bc03d7..c052144943c 100644 --- a/2010/0xxx/CVE-2010-0924.json +++ b/2010/0xxx/CVE-2010-0924.json 
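Review bot: The `ASSIGNER` field in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and the CVE-2010-1816 hunk further down changes it to `product-security@apple.com`. Every other changed line I can see is a whitespace rewrite (`" : "` to `": "`) or a reshuffle of `reference_data`. A provenance change is easy to miss inside a formatting pass, so `"ASSIGNER": "secalert@redhat.com",` and its Apple counterpart would be better in a separate commit, or at least named in the commit message, because anything that attributes records to a CNA by this field will see both records move. The new `reference_data` order follows no key that I can make out; sorting by `refsource` and then `name` would keep later diffs small. Each rewritten file also ends with `\ No newline at end of file`, where the old side carries no such marker, so the trailing newline appears to have been dropped and should be restored.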
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nobytes.com/exploits/Safari_4.0.4_background_DoS_pl.txt", - "refsource" : "MISC", - "url" : "http://nobytes.com/exploits/Safari_4.0.4_background_DoS_pl.txt" - }, - { - "name" : "38447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of 
a BODY element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38447" + }, + { + "name": "http://nobytes.com/exploits/Safari_4.0.4_background_DoS_pl.txt", + "refsource": "MISC", + "url": "http://nobytes.com/exploits/Safari_4.0.4_background_DoS_pl.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1187.json b/2010/1xxx/CVE-2010-1187.json index bc91bee2465..b225669be98 100644 --- a/2010/1xxx/CVE-2010-1187.json +++ b/2010/1xxx/CVE-2010-1187.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[oss-security] 20100330 CVE request: kernel: tipc: Fix oops on send prior to entering networked mode", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/03/30/1" - }, - { - "name" : "[oss-security] 20100331 Re: CVE request: kernel: tipc: Fix oops on send prior to entering networked mode", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2010/03/31/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=578057", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=578057" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=d0021b252eaf65ca07ed14f0d66425dd9ccab9a6;hp=6d55cb91a0020ac0d78edcad61efd6c8cf5785a3", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=d0021b252eaf65ca07ed14f0d66425dd9ccab9a6;hp=6d55cb91a0020ac0d78edcad61efd6c8cf5785a3" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "DSA-2053", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2053" - }, - { - "name" : "MDVSA-2010:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" - }, - { - "name" : "39120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39120" - }, - { - "name" : "oval:org.mitre.oval:def:9832", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9832" - }, - { - "name" : "39830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39830" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL 
pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=d0021b252eaf65ca07ed14f0d66425dd9ccab9a6;hp=6d55cb91a0020ac0d78edcad61efd6c8cf5785a3", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=d0021b252eaf65ca07ed14f0d66425dd9ccab9a6;hp=6d55cb91a0020ac0d78edcad61efd6c8cf5785a3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=578057", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578057" + }, + { + "name": "39120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39120" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "[oss-security] 20100331 Re: CVE request: kernel: tipc: Fix oops on send prior to entering networked mode", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/31/1" + }, + { + "name": "oval:org.mitre.oval:def:9832", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9832" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "[oss-security] 20100330 CVE request: kernel: tipc: Fix oops on send prior to entering networked mode", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/30/1" + }, + { + "name": "DSA-2053", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2053" + }, + { + "name": 
"20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "39830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39830" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1325.json b/2010/1xxx/CVE-2010-1325.json index 167d36c87b3..ecc838f8d97 100644 --- a/2010/1xxx/CVE-2010-1325.json +++ b/2010/1xxx/CVE-2010-1325.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named \"Apache SLMS,\" but that is incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/security/cve/CVE-2010-1325.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2010-1325.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=588284", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=588284" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "42121", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/42121" - }, - { - "name" : "apacheslms-quoting-csrf(61006)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named \"Apache SLMS,\" but that is incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=588284", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=588284" + }, + { + "name": "42121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42121" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2010-1325.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2010-1325.html" + }, + { + "name": "apacheslms-quoting-csrf(61006)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61006" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1816.json b/2010/1xxx/CVE-2010-1816.json index e9396ed4204..3f004c01c83 100644 --- a/2010/1xxx/CVE-2010-1816.json +++ b/2010/1xxx/CVE-2010-1816.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2016-01-28-4188", - "refsource" : "APPLE", - "url" : "https://support.apple.com/en-us/HT4188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-01-28-4188", + "refsource": "APPLE", + "url": "https://support.apple.com/en-us/HT4188" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1875.json b/2010/1xxx/CVE-2010-1875.json index 6d3b09659ba..684941056a3 100644 --- a/2010/1xxx/CVE-2010-1875.json +++ b/2010/1xxx/CVE-2010-1875.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-1875",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-1875",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "11851",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/11851"
- },
- {
- "name" : "38912",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/38912"
- },
- {
- "name" : "63143",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/63143"
- },
- {
- "name" : "39074",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/39074"
- },
- {
- "name" : "realestate-index-file-include(57110)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57110"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "11851",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/11851"
+ },
+ {
+ "name": "realestate-index-file-include(57110)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57110"
+ },
+ {
+ "name": "39074",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/39074"
+ },
+ {
+ "name": "38912",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/38912"
+ },
+ {
+ "name": "63143",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/63143"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/1xxx/CVE-2010-1900.json b/2010/1xxx/CVE-2010-1900.json
index f53a3ab477e..08de1582c6c 100644
--- a/2010/1xxx/CVE-2010-1900.json
+++ b/2010/1xxx/CVE-2010-1900.json
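Review bot: The `reference_data` entries in the CVE-2010-1875.json hunk are written in a different order than before (BID `38912` moves from second to fourth, the XF entry from last to second) although no entry is added, removed or edited. If the order carries no meaning, emitting the array sorted on a stable key such as `refsource` then `name` would keep later diffs limited to real reference changes; if it does carry meaning, the reason for the reorder belongs in the commit message. The CVE-2010-1900, CVE-2010-4166, CVE-2010-4281, CVE-2010-4407, CVE-2010-4575, CVE-2010-4732 and CVE-2014-0383 hunks show the same reshuffle.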
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-1900",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka \"Word Record Parsing Vulnerability.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2010-1900",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS10-056",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
- },
- {
- "name" : "TA10-222A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:11490",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka \"Word Record Parsing Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "TA10-222A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:11490",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490"
+ },
+ {
+ "name": "MS10-056",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4166.json b/2010/4xxx/CVE-2010-4166.json
index 80958096195..73358f50790 100644
--- a/2010/4xxx/CVE-2010-4166.json
+++ b/2010/4xxx/CVE-2010-4166.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4166",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2010-4166",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20101031 Joomla 1.5.21 | Potential SQL Injection Flaws",
- "refsource" : "FULLDISC",
- "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html"
- },
- {
- "name" : "[oss-security] 20101112 CVE request: Joomla 1.5.21 SQL Injection and Information Disclosure",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2010/11/12/5"
- },
- {
- "name" : "[oss-security] 20101112 Re: CVE request: Joomla 1.5.21 SQL Injection and Information Disclosure",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2010/11/12/6"
- },
- {
- "name" : "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg",
- "refsource" : "MISC",
- "url" : "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg"
- },
- {
- "name" : "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg",
- "refsource" : "MISC",
- "url" : "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg"
- },
- {
- "name" : "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg",
- "refsource" : "MISC",
- "url" : "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg"
- },
- {
- "name" : "http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html",
- "refsource" : "CONFIRM",
- "url" : "http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html"
- },
- {
- "name" : "42133",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42133"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg",
+ "refsource": "MISC",
+ "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg"
+ },
+ {
+ "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg",
+ "refsource": "MISC",
+ "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg"
+ },
+ {
+ "name": "[oss-security] 20101112 CVE request: Joomla 1.5.21 SQL Injection and Information Disclosure",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2010/11/12/5"
+ },
+ {
+ "name": "20101031 Joomla 1.5.21 | Potential SQL Injection Flaws",
+ "refsource": "FULLDISC",
+ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html"
+ },
+ {
+ "name": "http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html",
+ "refsource": "CONFIRM",
+ "url": "http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html"
+ },
+ {
+ "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg",
+ "refsource": "MISC",
+ "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg"
+ },
+ {
+ "name": "42133",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42133"
+ },
+ {
+ "name": "[oss-security] 20101112 Re: CVE request: Joomla 1.5.21 SQL Injection and Information Disclosure",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2010/11/12/6"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4281.json b/2010/4xxx/CVE-2010-4281.json
index 295b1546f11..965730ba196 100644
--- a/2010/4xxx/CVE-2010-4281.json
+++ b/2010/4xxx/CVE-2010-4281.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4281",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-4281",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/514939/100/0/threaded"
- },
- {
- "name" : "15643",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/15643"
- },
- {
- "name" : "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2010/Nov/326"
- },
- {
- "name" : "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download",
- "refsource" : "CONFIRM",
- "url" : "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download"
- },
- {
- "name" : "45112",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/45112"
- },
- {
- "name" : "69546",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/69546"
- },
- {
- "name" : "42347",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42347"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "42347",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42347"
+ },
+ {
+ "name": "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/514939/100/0/threaded"
+ },
+ {
+ "name": "69546",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/69546"
+ },
+ {
+ "name": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download",
+ "refsource": "CONFIRM",
+ "url": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download"
+ },
+ {
+ "name": "45112",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/45112"
+ },
+ {
+ "name": "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2010/Nov/326"
+ },
+ {
+ "name": "15643",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/15643"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4407.json b/2010/4xxx/CVE-2010-4407.json
index 2021a23730d..11ddc1bd92f 100644
--- a/2010/4xxx/CVE-2010-4407.json
+++ b/2010/4xxx/CVE-2010-4407.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4407",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-4407",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20101201 [eVuln.com] Multiple XSS in Alguest",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/514960/100/0/threaded"
- },
- {
- "name" : "http://evuln.com/vulns/151/summary.html",
- "refsource" : "MISC",
- "url" : "http://evuln.com/vulns/151/summary.html"
- },
- {
- "name" : "http://packetstormsecurity.org/files/view/96297/alguest-xss.txt",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.org/files/view/96297/alguest-xss.txt"
- },
- {
- "name" : "45140",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/45140"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.org/files/view/96297/alguest-xss.txt",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.org/files/view/96297/alguest-xss.txt"
+ },
+ {
+ "name": "45140",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/45140"
+ },
+ {
+ "name": "20101201 [eVuln.com] Multiple XSS in Alguest",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/514960/100/0/threaded"
+ },
+ {
+ "name": "http://evuln.com/vulns/151/summary.html",
+ "refsource": "MISC",
+ "url": "http://evuln.com/vulns/151/summary.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4575.json b/2010/4xxx/CVE-2010-4575.json
index 49ecdb86e8e..e30b65060e8 100644
--- a/2010/4xxx/CVE-2010-4575.json
+++ b/2010/4xxx/CVE-2010-4575.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4575",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-4575",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://code.google.com/p/chromium/issues/detail?id=60761",
- "refsource" : "CONFIRM",
- "url" : "http://code.google.com/p/chromium/issues/detail?id=60761"
- },
- {
- "name" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html",
- "refsource" : "CONFIRM",
- "url" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"
- },
- {
- "name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=68112",
- "refsource" : "CONFIRM",
- "url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=68112"
- },
- {
- "name" : "GLSA-201012-01",
- "refsource" : "GENTOO",
- "url" : "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"
- },
- {
- "name" : "45390",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/45390"
- },
- {
- "name" : "oval:org.mitre.oval:def:14427",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14427"
- },
- {
- "name" : "42648",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42648"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html",
+ "refsource": "CONFIRM",
+ "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"
+ },
+ {
+ "name": "42648",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42648"
+ },
+ {
+ "name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68112",
+ "refsource": "CONFIRM",
+ "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68112"
+ },
+ {
+ "name": "http://code.google.com/p/chromium/issues/detail?id=60761",
+ "refsource": "CONFIRM",
+ "url": "http://code.google.com/p/chromium/issues/detail?id=60761"
+ },
+ {
+ "name": "45390",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/45390"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:14427",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14427"
+ },
+ {
+ "name": "GLSA-201012-01",
+ "refsource": "GENTOO",
+ "url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4732.json b/2010/4xxx/CVE-2010-4732.json
index 7cc7bc64773..3c49a5a013b 100644
--- a/2010/4xxx/CVE-2010-4732.json
+++ b/2010/4xxx/CVE-2010-4732.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4732",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-4732",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"
- },
- {
- "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf",
- "refsource" : "MISC",
- "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"
- },
- {
- "name" : "VU#114560",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/114560"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#114560",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/114560"
+ },
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"
+ },
+ {
+ "name": "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/0xxx/CVE-2014-0336.json b/2014/0xxx/CVE-2014-0336.json
index cc227ac7f0b..fecb6345452 100644
--- a/2014/0xxx/CVE-2014-0336.json
+++ b/2014/0xxx/CVE-2014-0336.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-0336",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2014-0336",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "VU#823452",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/823452"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#823452",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/823452"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/0xxx/CVE-2014-0383.json b/2014/0xxx/CVE-2014-0383.json
index a321f30b6cd..811ae5cd038 100644
--- a/2014/0xxx/CVE-2014-0383.json
+++ b/2014/0xxx/CVE-2014-0383.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64842" - }, - { - "name" : "102102", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102102" - }, - { - "name" : "1029613", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029613" - }, - { - "name" : "56459", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/56459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029613", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029613" + }, + { + "name": "64842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64842" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "102102", + "refsource": "OSVDB", + "url": "http://osvdb.org/102102" + }, + { + "name": "56459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56459" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0810.json b/2014/0xxx/CVE-2014-0810.json index 8dd81c6d103..f652cd4f489 100644 --- a/2014/0xxx/CVE-2014-0810.json +++ b/2014/0xxx/CVE-2014-0810.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.justsystems.com/jp/info/js14001.html", - "refsource" : "CONFIRM", - "url" : "http://www.justsystems.com/jp/info/js14001.html" - }, - { - "name" : "JVN#28011378", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN28011378/index.html" - }, - { - "name" : "JVNDB-2014-000011", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 
2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#28011378", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN28011378/index.html" + }, + { + "name": "http://www.justsystems.com/jp/info/js14001.html", + "refsource": "CONFIRM", + "url": "http://www.justsystems.com/jp/info/js14001.html" + }, + { + "name": "JVNDB-2014-000011", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000011" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0921.json b/2014/0xxx/CVE-2014-0921.json index 55e3b32f988..73758c4fce8 100644 --- a/2014/0xxx/CVE-2014-0921.json +++ b/2014/0xxx/CVE-2014-0921.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278" - }, - { - "name" : "IC98583", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98583" - }, - { - "name" : "ibm-messagesight-cve20140921-dos(92074)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to 
cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278" + }, + { + "name": "ibm-messagesight-cve20140921-dos(92074)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92074" + }, + { + "name": "IC98583", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98583" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0949.json b/2014/0xxx/CVE-2014-0949.json index e09e091732b..35bcd38bfa8 100644 --- a/2014/0xxx/CVE-2014-0949.json +++ b/2014/0xxx/CVE-2014-0949.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672572", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672572" - }, - { - "name" : "PI15692", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692" - }, - { - "name" : "ibm-websphere-cve20140949-dos(92622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 
6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572" + }, + { + "name": "ibm-websphere-cve20140949-dos(92622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92622" + }, + { + "name": "PI15692", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10013.json b/2014/10xxx/CVE-2014-10013.json index dd688d611d3..5850ffdfd73 100644 --- a/2014/10xxx/CVE-2014-10013.json +++ b/2014/10xxx/CVE-2014-10013.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35204", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35204" - }, - { - "name" : "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "wp-anotherwpclassifieds-sql-injection(98589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "35204", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35204" + }, + { + "name": "wp-anotherwpclassifieds-sql-injection(98589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98589" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4020.json b/2014/4xxx/CVE-2014-4020.json index d3d77bb4565..568f467de2e 100644 --- a/2014/4xxx/CVE-2014-4020.json +++ b/2014/4xxx/CVE-2014-4020.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2014-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2014-07.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999" - }, - { - "name" : 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beb119f911a698d44f4baa06d888bb1e775983bc", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beb119f911a698d44f4baa06d888bb1e775983bc" - }, - { - "name" : "openSUSE-SU-2014:0836", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00049.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999" + }, + { + "name": "openSUSE-SU-2014:0836", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00049.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beb119f911a698d44f4baa06d888bb1e775983bc", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beb119f911a698d44f4baa06d888bb1e775983bc" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2014-07.html", + "refsource": "CONFIRM", + "url": 
"http://www.wireshark.org/security/wnpa-sec-2014-07.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4440.json b/2014/4xxx/CVE-2014-4440.json index 4cb2f24f161..addb32b0ef9 100644 --- a/2014/4xxx/CVE-2014-4440.json +++ b/2014/4xxx/CVE-2014-4440.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "70631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70631" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144440-sec-bypass(97628)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/97628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20144440-sec-bypass(97628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97628" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "70631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70631" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4819.json b/2014/4xxx/CVE-2014-4819.json index 9d1748ad8aa..af130b0103a 100644 --- a/2014/4xxx/CVE-2014-4819.json +++ b/2014/4xxx/CVE-2014-4819.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682681", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682681" - }, - { - "name" : "IT03097", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03097" - }, - { - "name" : "61356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61356" - }, - { - "name" : "ibm-websphere-cve20144819-info-disc(95456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20144819-info-disc(95456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95456" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682681", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682681" + }, + { + "name": "61356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61356" + }, + { + "name": "IT03097", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03097" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4943.json b/2014/4xxx/CVE-2014-4943.json index 06efec2512b..541dd1b904f 100644 --- a/2014/4xxx/CVE-2014-4943.json +++ b/2014/4xxx/CVE-2014-4943.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36267", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/36267" - }, - { - "name" : "[oss-security] 20140716 CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/17/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1119458", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1119458" - }, - { - "name" : "https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3047.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3047.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3048.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3048.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0924.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0924.html" - }, - { - "name" : "DSA-2992", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2992" - }, - { - "name" : "RHSA-2014:1025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1025.html" - }, - { - "name" : "SUSE-SU-2014:1316", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" - }, - { - "name" : "SUSE-SU-2014:1319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "109277", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/109277" - }, - { - "name" : "1030610", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030610" - }, - { - "name" : "60071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60071" - }, - { - "name" : "60220", - "refsource" : "SECUNIA", 
- "url" : "http://secunia.com/advisories/60220" - }, - { - "name" : "60011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60011" - }, - { - "name" : "60380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60380" - }, - { - "name" : "60393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60393" - }, - { - "name" : "59790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59790" - }, - { - "name" : "linux-kernel-cve20144943-priv-esc(94665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36267", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/36267" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3047.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3047.html" + }, + { + "name": "SUSE-SU-2014:1316", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" + }, + { + "name": "1030610", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030610" + }, + { + "name": "60220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60220" + }, + { + "name": "59790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59790" + }, + { + "name": "RHSA-2014:1025", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2014-1025.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf" + }, + { + "name": "SUSE-SU-2014:1319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119458", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119458" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0924.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0924.html" + }, + { + "name": "60393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60393" + }, + { + "name": "60380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60380" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3048.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3048.html" + }, + { + "name": "linux-kernel-cve20144943-priv-esc(94665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94665" + }, + { + "name": "[oss-security] 20140716 CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/17/1" + }, + { + "name": "60011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60011" + }, + { + "name": 
"https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf" + }, + { + "name": "DSA-2992", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2992" + }, + { + "name": "109277", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/109277" + }, + { + "name": "60071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60071" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8132.json b/2014/8xxx/CVE-2014-8132.json index 490fbb35c8d..09253887efb 100644 --- a/2014/8xxx/CVE-2014-8132.json +++ b/2014/8xxx/CVE-2014-8132.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/", - "refsource" : "CONFIRM", - "url" : "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1158089", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1158089" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0014.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0014.html" - }, - { - "name" : "DSA-3488", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3488" - }, - { - "name" : "FEDORA-2014-17303", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html" - }, - { - "name" : "FEDORA-2014-17324", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html" - }, - { - "name" : "FEDORA-2014-17354", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html" - }, - { - "name" : "GLSA-201606-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-12" - }, - { - "name" : "MDVSA-2015:020", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020" - }, - { - "name" : "openSUSE-SU-2015:0017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html" - }, - { - "name" : "USN-2478-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2478-1" - }, - { - "name" : "60838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089" + }, + { + "name": "USN-2478-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2478-1" + }, + { + "name": "GLSA-201606-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-12" + }, + { + "name": "FEDORA-2014-17324", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html" + }, + { + "name": "DSA-3488", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3488" + }, + { + "name": "FEDORA-2014-17303", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html" + }, + { + "name": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/", + "refsource": "CONFIRM", + "url": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0014.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0014.html" + }, + { + "name": "60838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60838" + }, + { + "name": "MDVSA-2015:020", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020" + }, + { + "name": "openSUSE-SU-2015:0017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html" + }, + { + "name": "FEDORA-2014-17354", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html" + } + ] + } +} \ No newline at end of file 
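Review bot: The `ASSIGNER` value in this CVE-2014-8132 hunk changes from `cve@mitre.org` to `secalert@redhat.com`, while every other line on the new side only respaces the keys or reorders the `reference_data` entries. The same kind of change sits in the CVE-2016-3611 hunk (`secalert_us@oracle.com`) and the CVE-2016-6929 hunk (`psirt@adobe.com`). ASSIGNER names the CNA that owns the entry, so anything that filters or attributes records by assigner sees a real data change here. These reassignments would be easier to audit in their own commit, or at least named in the commit message, which is not visible in this view. The new side of each file also ends with `\ No newline at end of file` where the old side had a final newline; keeping it avoids a spurious last-line change on the next edit.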
diff --git a/2014/8xxx/CVE-2014-8748.json b/2014/8xxx/CVE-2014-8748.json index 7f70c965a9e..b566d3e921b 100644 --- a/2014/8xxx/CVE-2014-8748.json +++ b/2014/8xxx/CVE-2014-8748.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"administer dfp\" permission to inject arbitrary web script or HTML via a slot name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/2179085", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2179085" - }, - { - "name" : "https://www.drupal.org/node/2172167", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2172167" - }, - { - "name" : "102354", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102354" - }, - { - "name" : "56521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Google Doubleclick 
for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"administer dfp\" permission to inject arbitrary web script or HTML via a slot name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56521" + }, + { + "name": "https://www.drupal.org/node/2172167", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2172167" + }, + { + "name": "https://drupal.org/node/2179085", + "refsource": "MISC", + "url": "https://drupal.org/node/2179085" + }, + { + "name": "102354", + "refsource": "OSVDB", + "url": "http://osvdb.org/102354" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9042.json b/2014/9xxx/CVE-2014-9042.json index bdd8d6b9c62..178e7d70b95 100644 --- a/2014/9xxx/CVE-2014-9042.json +++ b/2014/9xxx/CVE-2014-9042.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-028", - "refsource" : "CONFIRM", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by 
importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028", + "refsource": "CONFIRM", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9064.json b/2014/9xxx/CVE-2014-9064.json index 8ecf32fdd99..77c196807b6 100644 --- a/2014/9xxx/CVE-2014-9064.json +++ b/2014/9xxx/CVE-2014-9064.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9064", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9064", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9277.json b/2014/9xxx/CVE-2014-9277.json index 37bcbff8617..171f4079cb6 100644 --- a/2014/9xxx/CVE-2014-9277.json +++ b/2014/9xxx/CVE-2014-9277.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing in a PHP format request, which causes the string length to change when converting the request to ." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html" - }, - { - "name" : "[oss-security] 20141203 MediaWiki security release - 1.23.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/03/9" - }, - { - "name" : "[oss-security] 20141204 Re: MediaWiki security release - 1.23.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/04/16" - }, 
- { - "name" : "https://phabricator.wikimedia.org/T73478", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T73478" - }, - { - "name" : "DSA-3100", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3100" - }, - { - "name" : "1031301", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1031301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing in a PHP format request, which causes the string length to change when converting the request to ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031301", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1031301" + }, + { + "name": "https://phabricator.wikimedia.org/T73478", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T73478" + }, + { + "name": "[oss-security] 20141203 MediaWiki security release - 1.23.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9" + }, + { + "name": "[oss-security] 20141204 Re: MediaWiki security release - 1.23.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16" + }, + { + "name": "DSA-3100", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3100" + }, + { + "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22", + "refsource": "MLIST", + "url": 
"https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9442.json b/2014/9xxx/CVE-2014-9442.json index 147822825c7..325a11d6fdc 100644 --- a/2014/9xxx/CVE-2014-9442.json +++ b/2014/9xxx/CVE-2014-9442.json 
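Review bot: The description `value` in this CVE-2014-9277 hunk is carried over with words missing: it reads `containing in a PHP format request` and ends `when converting the request to .`, so the record no longer says which string triggers the issue or what it is converted to. The gaps look like angle-bracketed tokens that were stripped by an earlier HTML-unaware step; that is an inference from the sentence shape, not something the hunk shows. Since the line is being rewritten anyway, restore the two tokens from the advisory the record already references (the MediaWiki-announce post or `https://phabricator.wikimedia.org/T73478`) and check that the serializer escapes `<` and `>` instead of dropping them. Triage and detection content written from this text would otherwise be missing the one detail that identifies the affected input.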
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://research.g0blin.co.uk/g0blin-00022/", - "refsource" : "MISC", - "url" : "https://research.g0blin.co.uk/g0blin-00022/" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1052064/cart66-lite", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1052064/cart66-lite" - }, - { - "name" : "https://wordpress.org/plugins/cart66-lite/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/cart66-lite/changelog/" - }, - { - "name" : "61942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/cart66-lite/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/cart66-lite/changelog/" + }, + { + "name": "https://research.g0blin.co.uk/g0blin-00022/", + "refsource": "MISC", + "url": "https://research.g0blin.co.uk/g0blin-00022/" + }, + { + "name": "61942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61942" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1052064/cart66-lite", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1052064/cart66-lite" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9632.json b/2014/9xxx/CVE-2014-9632.json index b4ca7a67bd7..e59961c8239 100644 --- a/2014/9xxx/CVE-2014-9632.json +++ b/2014/9xxx/CVE-2014-9632.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35993", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35993" - }, - { - "name" : "http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-Privilege-Escalation.html" - }, - { - "name" : "http://www.greyhathacker.net/?p=818", - "refsource" : "MISC", - "url" : "http://www.greyhathacker.net/?p=818" - }, - { - "name" : "http://www.avg.com/eu-en/avg-release-notes", - "refsource" : "CONFIRM", - "url" : "http://www.avg.com/eu-en/avg-release-notes" - }, - { - "name" : 
"113824", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/113824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.greyhathacker.net/?p=818", + "refsource": "MISC", + "url": "http://www.greyhathacker.net/?p=818" + }, + { + "name": "35993", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35993" + }, + { + "name": "http://www.avg.com/eu-en/avg-release-notes", + "refsource": "CONFIRM", + "url": "http://www.avg.com/eu-en/avg-release-notes" + }, + { + "name": "113824", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/113824" + }, + { + "name": "http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-Privilege-Escalation.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9640.json b/2014/9xxx/CVE-2014-9640.json index eb56a35b98d..809c8e66a45 100644 --- a/2014/9xxx/CVE-2014-9640.json +++ b/2014/9xxx/CVE-2014-9640.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150121 Re: CVE request: two issues in vorbis-tools", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/21/6" - }, - { - "name" : "[oss-security] 20150122 Re: CVE request: two issues in vorbis-tools", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/22/9" - }, - { - "name" : "https://trac.xiph.org/changeset/19117", - "refsource" : "CONFIRM", - "url" : "https://trac.xiph.org/changeset/19117" - }, - { - "name" : "https://trac.xiph.org/ticket/2009", - "refsource" : "CONFIRM", - "url" : "https://trac.xiph.org/ticket/2009" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0051.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0051.html" - }, - { - 
"name" : "FEDORA-2015-1253", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148852.html" - }, - { - "name" : "MDVSA-2015:037", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:037" - }, - { - "name" : "openSUSE-SU-2015:0231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00032.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-1253", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148852.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0051.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0051.html" + }, + { + "name": "[oss-security] 20150121 Re: CVE request: two issues in vorbis-tools", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/21/6" + }, + { + "name": "https://trac.xiph.org/changeset/19117", + "refsource": "CONFIRM", + "url": "https://trac.xiph.org/changeset/19117" + }, + { + "name": "openSUSE-SU-2015:0231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00032.html" + }, + { + "name": "[oss-security] 20150122 Re: CVE request: two issues in vorbis-tools", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/22/9" + }, + { + "name": "MDVSA-2015:037", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:037" + }, + { + "name": "https://trac.xiph.org/ticket/2009", + "refsource": "CONFIRM", + "url": "https://trac.xiph.org/ticket/2009" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3380.json b/2016/3xxx/CVE-2016-3380.json index 302a90469cb..cfddc56a72d 100644 --- a/2016/3xxx/CVE-2016-3380.json +++ b/2016/3xxx/CVE-2016-3380.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3380", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3380", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3611.json b/2016/3xxx/CVE-2016-3611.json index 1fa0c27ebcf..e62f5b0564e 100644 --- a/2016/3xxx/CVE-2016-3611.json +++ b/2016/3xxx/CVE-2016-3611.json 
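Review bot: The key order on the new side of the CVE-2016-3380.json hunk differs from the other records rewritten in this diff: it opens with `"data_type"`, `"data_format"`, `"data_version"` before `"CVE_data_meta"`, and puts `"ID"` ahead of `"ASSIGNER"`. The other hunks here keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in that order. Key order carries no meaning in JSON, but the mismatch suggests this record went through a different serializer, and it adds noise for anyone diffing or hashing the files. Emitting all records through one writer with a fixed key order would keep future diffs limited to real data changes.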
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91901" - }, - { - "name" : "1036397", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036397", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036397" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91901" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6929.json b/2016/6xxx/CVE-2016-6929.json index 32b705e978d..f89688e189d 100644 --- a/2016/6xxx/CVE-2016-6929.json +++ b/2016/6xxx/CVE-2016-6929.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:1865", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html" - }, - { - "name" : "92927", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/92927" - }, - { - "name" : "1036791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" + }, + { + "name": "RHSA-2016:1865", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html" + }, + { + "name": "92927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92927" + }, + { + "name": "1036791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036791" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7036.json b/2016/7xxx/CVE-2016-7036.json index 52e4076948d..98869317f59 100644 --- a/2016/7xxx/CVE-2016-7036.json +++ b/2016/7xxx/CVE-2016-7036.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-7036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93", - "refsource" : "CONFIRM", - "url" : "https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93" - }, - { - "name" : "https://github.com/mpdavis/python-jose/releases/tag/1.3.2", - "refsource" : "CONFIRM", - "url" : "https://github.com/mpdavis/python-jose/releases/tag/1.3.2" - }, - { - "name" : "95845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging 
failure to use a constant time comparison for HMAC keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mpdavis/python-jose/releases/tag/1.3.2", + "refsource": "CONFIRM", + "url": "https://github.com/mpdavis/python-jose/releases/tag/1.3.2" + }, + { + "name": "95845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95845" + }, + { + "name": "https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93", + "refsource": "CONFIRM", + "url": "https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7462.json b/2016/7xxx/CVE-2016-7462.json index 254e1c9c496..c5eacdfafcb 100644 --- a/2016/7xxx/CVE-2016-7462.json +++ b/2016/7xxx/CVE-2016-7462.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2016-7462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2016-7462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2016-34", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-34" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2016-0020.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2016-0020.html" - }, - { - "name" : "94351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94351" - }, - { - "name" : "1037297", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94351" + }, + { + "name": "1037297", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037297" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2016-0020.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2016-0020.html" + }, + { + "name": "https://www.tenable.com/security/research/tra-2016-34", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-34" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7484.json b/2016/7xxx/CVE-2016-7484.json index 5a69eba136b..1dbe1cadb05 100644 --- a/2016/7xxx/CVE-2016-7484.json +++ b/2016/7xxx/CVE-2016-7484.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7484", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7484", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7848.json b/2016/7xxx/CVE-2016-7848.json index 268b8a86adc..65ecd512fac 100644 --- a/2016/7xxx/CVE-2016-7848.json +++ b/2016/7xxx/CVE-2016-7848.json 
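Review bot: The new side of this record puts `data_type`, `data_format`, `data_version` ahead of `CVE_data_meta` and `ID` ahead of `ASSIGNER`, while other records in the same diff (for example the CVE-2016-8129 hunk) keep `CVE_data_meta` first and `ASSIGNER` before `ID`. The CVE-2016-7848 hunk has the same reordering. JSON key order carries no meaning, but two orderings in one change suggest two different serializers. The result is whole-file churn that hides real edits and breaks any byte-level comparison or hashing of records. Emitting keys in one fixed order for every record would keep future diffs to actual content changes.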
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7848", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7848", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8129.json b/2016/8xxx/CVE-2016-8129.json index 830e060b8b1..20a38f8a2db 100644 --- a/2016/8xxx/CVE-2016-8129.json +++ b/2016/8xxx/CVE-2016-8129.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8129", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8129", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file