From 24314533d04d15374528d3caf9ca1d6c963b9cb3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:34:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/1xxx/CVE-2001-1077.json | 170 +-- 2001/1xxx/CVE-2001-1215.json | 150 +-- 2006/2xxx/CVE-2006-2298.json | 190 ++-- 2006/2xxx/CVE-2006-2714.json | 170 +-- 2006/2xxx/CVE-2006-2766.json | 240 ++--- 2006/2xxx/CVE-2006-2940.json | 1590 ++++++++++++++-------------- 2006/3xxx/CVE-2006-3049.json | 160 +-- 2006/3xxx/CVE-2006-3091.json | 190 ++-- 2006/6xxx/CVE-2006-6131.json | 200 ++-- 2006/6xxx/CVE-2006-6559.json | 140 +-- 2006/6xxx/CVE-2006-6606.json | 160 +-- 2006/6xxx/CVE-2006-6642.json | 160 +-- 2006/6xxx/CVE-2006-6713.json | 150 +-- 2011/0xxx/CVE-2011-0246.json | 130 +-- 2011/0xxx/CVE-2011-0313.json | 34 +- 2011/2xxx/CVE-2011-2570.json | 34 +- 2011/2xxx/CVE-2011-2843.json | 160 +-- 2011/3xxx/CVE-2011-3021.json | 210 ++-- 2011/3xxx/CVE-2011-3179.json | 130 +-- 2011/3xxx/CVE-2011-3811.json | 140 +-- 2011/4xxx/CVE-2011-4432.json | 130 +-- 2011/4xxx/CVE-2011-4452.json | 150 +-- 2011/4xxx/CVE-2011-4888.json | 34 +- 2011/4xxx/CVE-2011-4952.json | 34 +- 2013/5xxx/CVE-2013-5384.json | 34 +- 2013/5xxx/CVE-2013-5666.json | 150 +-- 2013/5xxx/CVE-2013-5930.json | 130 +-- 2014/2xxx/CVE-2014-2066.json | 140 +-- 2014/2xxx/CVE-2014-2122.json | 150 +-- 2014/2xxx/CVE-2014-2391.json | 120 +-- 2014/2xxx/CVE-2014-2511.json | 160 +-- 2014/2xxx/CVE-2014-2518.json | 160 +-- 2014/6xxx/CVE-2014-6049.json | 130 +-- 2014/6xxx/CVE-2014-6276.json | 140 +-- 2014/6xxx/CVE-2014-6304.json | 130 +-- 2014/6xxx/CVE-2014-6745.json | 140 +-- 2014/6xxx/CVE-2014-6920.json | 140 +-- 2014/7xxx/CVE-2014-7861.json | 130 +-- 2017/0xxx/CVE-2017-0301.json | 144 +-- 2017/0xxx/CVE-2017-0450.json | 140 +-- 2017/0xxx/CVE-2017-0830.json | 162 +-- 2017/1000xxx/CVE-2017-1000357.json | 135 ++- 2017/18xxx/CVE-2017-18095.json | 138 +-- 2017/18xxx/CVE-2017-18116.json | 34 +- 2017/18xxx/CVE-2017-18293.json | 140 +-- 2017/1xxx/CVE-2017-1854.json | 34 +- 2017/1xxx/CVE-2017-1996.json | 34 +- 2017/4xxx/CVE-2017-4163.json | 34 +- 2017/4xxx/CVE-2017-4385.json | 34 +- 2017/4xxx/CVE-2017-4554.json | 34 +- 2017/4xxx/CVE-2017-4767.json | 34 +- 2017/5xxx/CVE-2017-5645.json | 400 +++---- 52 files changed, 4096 insertions(+), 4111 deletions(-) diff --git a/2001/1xxx/CVE-2001-1077.json b/2001/1xxx/CVE-2001-1077.json index fc4462b38c0..963b34697cb 100644 --- a/2001/1xxx/CVE-2001-1077.json +++ b/2001/1xxx/CVE-2001-1077.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010615 Rxvt vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/191510" - }, - { - "name" : "DSA-062", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-062" - }, - { - "name" : "IMNX-2001-70-028-01", - "refsource" : "IMMUNIX", - "url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01" - }, - { - "name" : "MDKSA-2001:060", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php" - }, - { - "name" : "rxvt-ttprintf-bo(6701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6701" - }, - { - "name" : "2878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2878" + }, + { + "name": "MDKSA-2001:060", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php" + }, + { + "name": "20010615 Rxvt vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/191510" + }, + { + "name": "rxvt-ttprintf-bo(6701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6701" + }, + { + "name": "DSA-062", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-062" + }, + { + "name": "IMNX-2001-70-028-01", + "refsource": "IMMUNIX", + "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1215.json b/2001/1xxx/CVE-2001-1215.json index 447fa7ca5a3..1ee4ed38bc6 100644 --- a/2001/1xxx/CVE-2001-1215.json +++ b/2001/1xxx/CVE-2001-1215.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011220 [CERT-intexxia] pfinger Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/246656" - }, - { - "name" : "http://www.xelia.ch/unix/pfinger/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.xelia.ch/unix/pfinger/ChangeLog" - }, - { - "name" : "pfinger-plan-format-string(7742)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7742.php" - }, - { - "name" : "3725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pfinger-plan-format-string(7742)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7742.php" + }, + { + "name": "http://www.xelia.ch/unix/pfinger/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.xelia.ch/unix/pfinger/ChangeLog" + }, + { + "name": "3725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3725" + }, + { + "name": "20011220 [CERT-intexxia] pfinger Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/246656" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2298.json b/2006/2xxx/CVE-2006-2298.json index e075186c753..b5cb1c05d4c 100644 --- a/2006/2xxx/CVE-2006-2298.json +++ b/2006/2xxx/CVE-2006-2298.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" - }, - { - "name" : "102246", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102246-1" - }, - { - "name" : "17902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17902" - }, - { - "name" : "ADV-2006-1733", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1733" - }, - { - "name" : "1016043", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016043" - }, - { - "name" : "20050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20050" - }, - { - "name" : "solaris-libike-dos(26311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" + }, + { + "name": "17902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17902" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" + }, + { + "name": "solaris-libike-dos(26311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26311" + }, + { + "name": "102246", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102246-1" + }, + { + "name": "ADV-2006-1733", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1733" + }, + { + "name": "1016043", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016043" + }, + { + "name": "20050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20050" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2714.json b/2006/2xxx/CVE-2006-2714.json index 0096869d075..4fb4dbe149b 100644 --- a/2006/2xxx/CVE-2006-2714.json +++ b/2006/2xxx/CVE-2006-2714.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-6Q6SDL", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/WDON-6Q6SDL" - }, - { - "name" : "VU#635721", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/635721" - }, - { - "name" : "ADV-2006-2069", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2069" - }, - { - "name" : "1016184", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016184" - }, - { - "name" : "20378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20378" - }, - { - "name" : "c5evm-ceid-weak-security(26783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "c5evm-ceid-weak-security(26783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26783" + }, + { + "name": "VU#635721", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/635721" + }, + { + "name": "20378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20378" + }, + { + "name": "ADV-2006-2069", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2069" + }, + { + "name": "1016184", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016184" + }, + { + "name": "http://www.kb.cert.org/vuls/id/WDON-6Q6SDL", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/WDON-6Q6SDL" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2766.json b/2006/2xxx/CVE-2006-2766.json index dd18e7249ca..83f09331bb9 100644 --- a/2006/2xxx/CVE-2006-2766.json +++ b/2006/2xxx/CVE-2006-2766.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060531 Internet explorer Vulnerbility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435492/100/0/threaded" - }, - { - "name" : "20060601 RE: Internet explorer Vulnerbility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435616/100/0/threaded" - }, - { - "name" : "20060601 Re: Internet explorer Vulnerbility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435609/100/0/threaded" - }, - { - "name" : "MS06-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#891204", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/891204" - }, - { - "name" : "18198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18198" - }, - { - "name" : "ADV-2006-2088", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2088" - }, - { - "name" : "25949", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25949" - }, - { - "name" : "oval:org.mitre.oval:def:441", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" - }, - { - "name" : "1016654", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016654" - }, - { - "name" : "20384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20384" - }, - { - "name" : "ie-mhtml-mid-bo(26810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060531 Internet explorer Vulnerbility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded" + }, + { + "name": "VU#891204", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/891204" + }, + { + "name": "20384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20384" + }, + { + "name": "ADV-2006-2088", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2088" + }, + { + "name": "ie-mhtml-mid-bo(26810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" + }, + { + "name": "25949", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25949" + }, + { + "name": "oval:org.mitre.oval:def:441", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" + }, + { + "name": "1016654", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016654" + }, + { + "name": "20060601 Re: Internet explorer Vulnerbility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded" + }, + { + "name": "MS06-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "18198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18198" + }, + { + "name": "20060601 RE: Internet explorer Vulnerbility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2940.json b/2006/2xxx/CVE-2006-2940.json index c266ded6ad0..601ea836462 100644 --- a/2006/2xxx/CVE-2006-2940.json +++ b/2006/2xxx/CVE-2006-2940.json @@ -1,797 +1,797 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070110 VMware ESX server security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456546/100/200/threaded" - }, - { - "name" : "20060928 rPSA-2006-0175-1 openssl openssl-scripts", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447318/100/0/threaded" - }, - { - "name" : "20060929 rPSA-2006-0175-2 openssl openssl-scripts", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447393/100/0/threaded" - }, - { - "name" : "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489739/100/0/threaded" - }, - { - "name" : "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" - }, - { - "name" : "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=bind-announce&m=116253119512445&w=2" - }, - { - "name" : "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" - }, - { - "name" : "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en" - }, - { - "name" : "http://www.openssl.org/news/secadv_20060928.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20060928.txt" - }, - { - "name" : "http://kolab.org/security/kolab-vendor-notice-11.txt", - "refsource" : "CONFIRM", - "url" : "http://kolab.org/security/kolab-vendor-notice-11.txt" - }, - { - "name" : "http://openvpn.net/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://openvpn.net/changelog.html" - }, - { - "name" : "http://www.serv-u.com/releasenotes/", - "refsource" : "CONFIRM", - "url" : "http://www.serv-u.com/releasenotes/" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" - }, - { - "name" : "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf" - }, - { - "name" : "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" - }, - { - "name" : "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" - }, - { - "name" : "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" - }, - { - "name" : "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" - }, - { - "name" : "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" - }, - { - "name" : "http://issues.rpath.com/browse/RPL-613", - "refsource" : "CONFIRM", - "url" : "http://issues.rpath.com/browse/RPL-613" - }, - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1633", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1633" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" - }, - { - "name" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" - }, - { - "name" : "http://www.vmware.com/support/player/doc/releasenotes_player.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player/doc/releasenotes_player.html" - }, - { - "name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" - }, - { - "name" : "http://www.vmware.com/support/server/doc/releasenotes_server.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/server/doc/releasenotes_server.html" - }, - { - "name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" - }, - { - "name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" - }, - { - "name" : "http://support.attachmate.com/techdocs/2374.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/2374.html" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "20061108 Multiple Vulnerabilities in OpenSSL library", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" - }, - { - "name" : "20061108 Multiple Vulnerabilities in OpenSSL Library", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" - }, - { - "name" : "DSA-1185", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1185" - }, - { - "name" : "DSA-1195", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1195" - }, - { - "name" : "FreeBSD-SA-06:23.openssl", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" - }, - { - "name" : "GLSA-200610-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-11.xml" - }, - { - "name" : "GLSA-200612-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" - }, - { - "name" : "HPSBUX02174", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" - }, - { - "name" : "SSRT061239", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" - }, - { - "name" : "HPSBUX02186", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" - }, - { - "name" : "SSRT071299", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" - }, - { - "name" : "HPSBTU02207", - "refsource" : "HP", - "url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" - }, - { - "name" : "SSRT061213", - "refsource" : "HP", - "url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" - }, - { - "name" : "SSRT071304", - "refsource" : "HP", - "url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" - }, - { - "name" : "HPSBMA02250", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" - }, - { - "name" : "SSRT061275", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" - }, - { - "name" : "HPSBOV02683", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "SSRT090208", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "MDKSA-2006:172", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" - }, - { - "name" : "MDKSA-2006:177", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" - }, - { - "name" : "MDKSA-2006:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" - }, - { - "name" : "NetBSD-SA2008-007", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" - }, - { - "name" : "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", - "refsource" : "OPENBSD", - "url" : "http://openbsd.org/errata.html#openssl2" - }, - { - "name" : "OpenPKG-SA-2006.021", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" - }, - { - "name" : "RHSA-2006:0695", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0695.html" - }, - { - "name" : "RHSA-2008:0629", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0629.html" - }, - { - "name" : "20061001-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" - }, - { - "name" : "SSA:2006-272-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946" - }, - { - "name" : "102668", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" - }, - { - "name" : "102747", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1" - }, - { - "name" : "200585", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1" - }, - { - "name" : "201534", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1" - }, - { - "name" : "SUSE-SA:2006:058", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" - }, - { - "name" : "SUSE-SR:2006:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_24_sr.html" - }, - { - "name" : "2006-0054", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0054" - }, - { - "name" : "USN-353-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-353-1" - }, - { - "name" : "USN-353-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-353-2" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "20247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20247" - }, - { - "name" : "22083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22083" - }, - { - "name" : "28276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28276" - }, - { - "name" : "oval:org.mitre.oval:def:10311", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311" - }, - { - "name" : "ADV-2006-3820", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3820" - }, - { - "name" : "ADV-2006-3860", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3860" - }, - { - "name" : "ADV-2006-3902", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3902" - }, - { - "name" : "ADV-2006-3869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3869" - }, - { - "name" : "ADV-2006-3936", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3936" - }, - { - "name" : "ADV-2006-4019", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4019" - }, - { - "name" : "ADV-2006-4036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4036" - }, - { - "name" : "ADV-2006-4264", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4264" - }, - { - "name" : "ADV-2006-4327", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4327" - }, - { - "name" : "ADV-2006-4329", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4329" - }, - { - "name" : "ADV-2006-4417", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4417" - }, - { - "name" : "ADV-2006-4401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4401" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "ADV-2006-4980", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4980" - }, - { - "name" : "ADV-2007-0343", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0343" - }, - { - "name" : "ADV-2007-1401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1401" - }, - { - "name" : "ADV-2007-2315", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2315" - }, - { - "name" : "ADV-2007-2783", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2783" - }, - { - "name" : "ADV-2008-0905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0905/references" - }, - { - "name" : "ADV-2008-2396", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2396" - }, - { - "name" : "29261", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29261" - }, - { - "name" : "1016943", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016943" - }, - { - "name" : "1017522", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017522" - }, - { - "name" : "22130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22130" - }, - { - "name" : "22094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22094" - }, - { - "name" : "22165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22165" - }, - { - "name" : "22186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22186" - }, - { - "name" : "22193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22193" - }, - { - "name" : "22207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22207" - }, - { - "name" : "22259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22259" - }, - { - "name" : "22260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22260" - }, - { - "name" : "22166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22166" - }, - { - "name" : "22172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22172" - }, - { - "name" : "22212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22212" - }, - { - "name" : "22240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22240" - }, - { - "name" : "22216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22216" - }, - { - "name" : "22116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22116" - }, - { - "name" : "22220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22220" - }, - { - "name" : "22284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22284" - }, - { - "name" : "22330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22330" - }, - { - "name" : "22385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22385" - }, - { - "name" : "22460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22460" - }, - { - "name" : "22500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22500" - }, - { - "name" : "22544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22544" - }, - { - "name" : "22626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22626" - }, - { - "name" : "22487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22487" - }, - { - "name" : "22671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22671" - }, - { - "name" : "22758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22758" - }, - { - "name" : "22799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22799" - }, - { - "name" : "22772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22772" - }, - { - "name" : "23038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23038" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - }, - { - "name" : "22298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22298" - }, - { - "name" : "23309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23309" - }, - { - "name" : "23280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23280" - }, - { - "name" : "23340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23340" - }, - { - "name" : "23351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23351" - }, - { - "name" : "23680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23680" - }, - { - "name" : "23794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23794" - }, - { - "name" : "23915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23915" - }, - { - "name" : "24950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24950" - }, - { - "name" : "24930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24930" - }, - { - "name" : "25889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25889" - }, - { - "name" : "26329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26329" - }, - { - "name" : "26893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26893" - }, - { - "name" : "30124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30124" - }, - { - "name" : "31531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31531" - }, - { - "name" : "31492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31492" - }, - { - "name" : "openssl-publickey-dos(29230)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:172", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" + }, + { + "name": "22212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22212" + }, + { + "name": "USN-353-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-353-2" + }, + { + "name": "http://support.attachmate.com/techdocs/2374.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/2374.html" + }, + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" + }, + { + "name": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en" + }, + { + "name": "23915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23915" + }, + { + "name": "201534", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1" + }, + { + "name": "HPSBMA02250", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" + }, + { + "name": "1016943", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016943" + }, + { + "name": "23038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23038" + }, + { + "name": "2006-0054", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0054" + }, + { + "name": "DSA-1195", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1195" + }, + { + "name": "23309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23309" + }, + { + "name": "26893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26893" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" + }, + { + "name": "ADV-2006-4401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4401" + }, + { + "name": "USN-353-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-353-1" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227" + }, + { + "name": "22116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22116" + }, + { + "name": "SSRT071304", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" + }, + { + "name": "GLSA-200612-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" + }, + { + "name": "22166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22166" + }, + { + "name": "RHSA-2006:0695", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" + }, + { + "name": "23340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23340" + }, + { + "name": "22385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22385" + }, + { + "name": "SUSE-SR:2006:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" + }, + { + "name": "22758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22758" + }, + { + "name": "22487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22487" + }, + { + "name": "SUSE-SA:2006:058", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" + }, + { + "name": "22772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22772" + }, + { + "name": "SSRT071299", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" + }, + { + "name": "31531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31531" + }, + { + "name": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf", + "refsource": "CONFIRM", + "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf" + }, + { + "name": "FreeBSD-SA-06:23.openssl", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" + }, + { + "name": "22165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22165" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" + }, + { + "name": "23794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23794" + }, + { + "name": "SSRT090208", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "22220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22220" + }, + { + "name": "23680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23680" + }, + { + "name": "http://openvpn.net/changelog.html", + "refsource": "CONFIRM", + "url": "http://openvpn.net/changelog.html" + }, + { + "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1633", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1633" + }, + { + "name": "25889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25889" + }, + { + "name": "ADV-2006-4036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4036" + }, + { + "name": "oval:org.mitre.oval:def:10311", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311" + }, + { + "name": "ADV-2006-4019", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4019" + }, + { + "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", + "refsource": "OPENBSD", + "url": "http://openbsd.org/errata.html#openssl2" + }, + { + "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" + }, + { + "name": "30124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30124" + }, + { + "name": "22626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22626" + }, + { + "name": "openssl-publickey-dos(29230)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230" + }, + { + "name": "22083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22083" + }, + { + "name": "MDKSA-2006:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" + }, + { + "name": "23351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23351" + }, + { + "name": "ADV-2006-3869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3869" + }, + { + "name": "22671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22671" + }, + { + "name": "22544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22544" + }, + { + "name": "22298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22298" + }, + { + "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" + }, + { + "name": "22130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22130" + }, + { + "name": "31492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31492" + }, + { + "name": "ADV-2006-4329", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4329" + }, + { + "name": "22284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22284" + }, + { + "name": "24930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24930" + }, + { + "name": "ADV-2006-4327", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4327" + }, + { + "name": "RHSA-2008:0629", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" + }, + { + "name": "GLSA-200610-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" + }, + { + "name": "http://issues.rpath.com/browse/RPL-613", + "refsource": "CONFIRM", + "url": "http://issues.rpath.com/browse/RPL-613" + }, + { + "name": "26329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26329" + }, + { + "name": "22260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22260" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" + }, + { + "name": "ADV-2007-0343", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0343" + }, + { + "name": "ADV-2006-3860", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3860" + }, + { + "name": "23280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23280" + }, + { + "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" + }, + { + "name": "SSRT061213", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" + }, + { + "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" + }, + { + "name": "ADV-2006-4264", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4264" + }, + { + "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" + }, + { + "name": "22193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22193" + }, + { + "name": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" + }, + { + "name": "ADV-2008-2396", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2396" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "22799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22799" + }, + { + "name": "200585", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1" + }, + { + "name": "SSA:2006-272-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946" + }, + { + "name": "ADV-2006-4417", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4417" + }, + { + "name": "HPSBUX02186", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" + }, + { + "name": "HPSBOV02683", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "http://www.serv-u.com/releasenotes/", + "refsource": "CONFIRM", + "url": "http://www.serv-u.com/releasenotes/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" + }, + { + "name": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" + }, + { + "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", + "refsource": "MLIST", + "url": "http://marc.info/?l=bind-announce&m=116253119512445&w=2" + }, + { + "name": "22094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22094" + }, + { + "name": "22186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22186" + }, + { + "name": "http://www.openssl.org/news/secadv_20060928.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20060928.txt" + }, + { + "name": "http://kolab.org/security/kolab-vendor-notice-11.txt", + "refsource": "CONFIRM", + "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" + }, + { + "name": "ADV-2007-2315", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2315" + }, + { + "name": "22500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22500" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + }, + { + "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" + }, + { + "name": "22216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22216" + }, + { + "name": "ADV-2006-3820", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3820" + }, + { + "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" + }, + { + "name": "HPSBUX02174", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" + }, + { + "name": "OpenPKG-SA-2006.021", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" + }, + { + "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" + }, + { + "name": "102747", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1" + }, + { + "name": "ADV-2008-0905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0905/references" + }, + { + "name": "ADV-2007-1401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1401" + }, + { + "name": "20247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20247" + }, + { + "name": "29261", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29261" + }, + { + "name": "NetBSD-SA2008-007", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" + }, + { + "name": "SSRT061275", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" + }, + { + "name": "20070110 VMware ESX server security updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" + }, + { + "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" + }, + { + "name": "ADV-2006-3936", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3936" + }, + { + "name": "ADV-2006-4980", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4980" + }, + { + "name": "22240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22240" + }, + { + "name": "22330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22330" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" + }, + { + "name": "HPSBTU02207", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" + }, + { + "name": "DSA-1185", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1185" + }, + { + "name": "20061001-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" + }, + { + "name": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf", + "refsource": "CONFIRM", + "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf" + }, + { + "name": "22207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22207" + }, + { + "name": "MDKSA-2006:177", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" + }, + { + "name": "1017522", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017522" + }, + { + "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" + }, + { + "name": "ADV-2006-3902", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3902" + }, + { + "name": "ADV-2007-2783", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2783" + }, + { + "name": "22259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22259" + }, + { + "name": "22460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22460" + }, + { + "name": "22172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22172" + }, + { + "name": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" + }, + { + "name": "SSRT061239", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" + }, + { + "name": "28276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28276" + }, + { + "name": "102668", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" + }, + { + "name": "20061108 Multiple Vulnerabilities in OpenSSL library", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" + }, + { + "name": "24950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24950" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3049.json b/2006/3xxx/CVE-2006-3049.json index d08a9b5935c..69eb169466a 100644 --- a/2006/3xxx/CVE-2006-3049.json +++ b/2006/3xxx/CVE-2006-3049.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060609 mole.com.ua Ticket Booking Script - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-06/0111.html" - }, - { - "name" : "20060615 [SECUNIA] Re: 20612 typo? (fwd) ", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-June/000868.html" - }, - { - "name" : "ADV-2006-2305", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2305" - }, - { - "name" : "20612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20612" - }, - { - "name" : "ticket-booking-booking2-xss(27150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "VIM", + "name": "20060615 [SECUNIA] Re: 20612 typo? (fwd)", + "url": "http://www.attrition.org/pipermail/vim/2006-June/000868.html" + }, + { + "name": "ticket-booking-booking2-xss(27150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27150" + }, + { + "name": "20612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20612" + }, + { + "name": "ADV-2006-2305", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2305" + }, + { + "name": "20060609 mole.com.ua Ticket Booking Script - XSS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0111.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3091.json b/2006/3xxx/CVE-2006-3091.json index 70c2404d687..ef12771d68c 100644 --- a/2006/3xxx/CVE-2006-3091.json +++ b/2006/3xxx/CVE-2006-3091.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to (1) /verif.php, (2) /inc/footer.php, and (3) /remises/ajouter_remise.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060610 PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437025/100/0/threaded" - }, - { - "name" : "http://www.acid-root.new.fr/advisories/phpmyfactures.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/phpmyfactures.txt" - }, - { - "name" : "26486", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26486" - }, - { - "name" : "26487", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26487" - }, - { - "name" : "26488", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26488" - }, - { - "name" : "20642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20642" - }, - { - "name" : "1111", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1111" - }, - { - "name" : "phpmyfactures-multi-scripts-path-disclosure(27205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to (1) /verif.php, (2) /inc/footer.php, and (3) /remises/ajouter_remise.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26488", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26488" + }, + { + "name": "20060610 PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437025/100/0/threaded" + }, + { + "name": "phpmyfactures-multi-scripts-path-disclosure(27205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27205" + }, + { + "name": "26487", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26487" + }, + { + "name": "20642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20642" + }, + { + "name": "http://www.acid-root.new.fr/advisories/phpmyfactures.txt", + "refsource": "MISC", + "url": "http://www.acid-root.new.fr/advisories/phpmyfactures.txt" + }, + { + "name": "26486", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26486" + }, + { + "name": "1111", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1111" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6131.json b/2006/6xxx/CVE-2006-6131.json index ec81c780e24..716cf757f91 100644 --- a/2006/6xxx/CVE-2006-6131.json +++ b/2006/6xxx/CVE-2006-6131.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061116 Kerio WebSTAR local privilege escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451832/100/200/threaded" - }, - { - "name" : "http://www.digitalmunition.com/DMA[2006-1115a].txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA[2006-1115a].txt" - }, - { - "name" : "21123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21123" - }, - { - "name" : "ADV-2006-4539", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4539" - }, - { - "name" : "30450", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30450" - }, - { - "name" : "1017239", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017239" - }, - { - "name" : "22906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22906" - }, - { - "name" : "1921", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1921" - }, - { - "name" : "kerio-webstar-privilege-escalation(30308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21123" + }, + { + "name": "1017239", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017239" + }, + { + "name": "kerio-webstar-privilege-escalation(30308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308" + }, + { + "name": "http://www.digitalmunition.com/DMA[2006-1115a].txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA[2006-1115a].txt" + }, + { + "name": "20061116 Kerio WebSTAR local privilege escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded" + }, + { + "name": "30450", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30450" + }, + { + "name": "1921", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1921" + }, + { + "name": "ADV-2006-4539", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4539" + }, + { + "name": "22906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22906" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6559.json b/2006/6xxx/CVE-2006-6559.json index b871e0236a2..f133924a7dd 100644 --- a/2006/6xxx/CVE-2006-6559.json +++ b/2006/6xxx/CVE-2006-6559.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ProductDetails.asp in Lotfian Request For Travel 1.0 allows remote attackers to execute arbitrary SQL commands via the PID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2908", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2908" - }, - { - "name" : "ADV-2006-4933", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4933" - }, - { - "name" : "request-product-sql-injection(30836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ProductDetails.asp in Lotfian Request For Travel 1.0 allows remote attackers to execute arbitrary SQL commands via the PID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4933" + }, + { + "name": "2908", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2908" + }, + { + "name": "request-product-sql-injection(30836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30836" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6606.json b/2006/6xxx/CVE-2006-6606.json index c9b3d54504e..f2bdf204b98 100644 --- a/2006/6xxx/CVE-2006-6606.json +++ b/2006/6xxx/CVE-2006-6606.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=470844", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=470844" - }, - { - "name" : "21588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21588" - }, - { - "name" : "ADV-2006-5001", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5001" - }, - { - "name" : "23350", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23350" - }, - { - "name" : "jclarens-unspecified-sql-injection(30881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21588" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=470844", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=470844" + }, + { + "name": "23350", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23350" + }, + { + "name": "ADV-2006-5001", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5001" + }, + { + "name": "jclarens-unspecified-sql-injection(30881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30881" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6642.json b/2006/6xxx/CVE-2006-6642.json index 6b2453cd378..5659305765b 100644 --- a/2006/6xxx/CVE-2006-6642.json +++ b/2006/6xxx/CVE-2006-6642.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061216 Contra Haber Sistemi v1.0 SqL Injection Vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454594/100/0/threaded" - }, - { - "name" : "21626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21626" - }, - { - "name" : "ADV-2006-5036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5036" - }, - { - "name" : "2050", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2050" - }, - { - "name" : "contra-haber-sql-injection(30917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21626" + }, + { + "name": "contra-haber-sql-injection(30917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30917" + }, + { + "name": "2050", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2050" + }, + { + "name": "20061216 Contra Haber Sistemi v1.0 SqL Injection Vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454594/100/0/threaded" + }, + { + "name": "ADV-2006-5036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5036" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6713.json b/2006/6xxx/CVE-2006-6713.json index 89401f1eee1..2397e57a20b 100644 --- a/2006/6xxx/CVE-2006-6713.json +++ b/2006/6xxx/CVE-2006-6713.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html" - }, - { - "name" : "21692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21692" - }, - { - "name" : "ADV-2006-5098", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5098" - }, - { - "name" : "23421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5098", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5098" + }, + { + "name": "23421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23421" + }, + { + "name": "21692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21692" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0246.json b/2011/0xxx/CVE-2011-0246.json index d30cb60b639..9d8c2cddbd4 100644 --- a/2011/0xxx/CVE-2011-0246.json +++ b/2011/0xxx/CVE-2011-0246.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2011-08-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" - }, - { - "name" : "oval:org.mitre.oval:def:15681", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15681", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15681" + }, + { + "name": "APPLE-SA-2011-08-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0313.json b/2011/0xxx/CVE-2011-0313.json index 4592d3a22e6..8fc743f86ce 100644 --- a/2011/0xxx/CVE-2011-0313.json +++ b/2011/0xxx/CVE-2011-0313.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0313", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0313", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2570.json b/2011/2xxx/CVE-2011-2570.json index 5987e847629..a265d74a34c 100644 --- a/2011/2xxx/CVE-2011-2570.json +++ b/2011/2xxx/CVE-2011-2570.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2570", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2570", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2843.json b/2011/2xxx/CVE-2011-2843.json index 358577b8df5..4563e9a7307 100644 --- a/2011/2xxx/CVE-2011-2843.json +++ b/2011/2xxx/CVE-2011-2843.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=82438", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=82438" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "75543", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75543" - }, - { - "name" : "oval:org.mitre.oval:def:14547", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14547" - }, - { - "name" : "chrome-media-buffers-code-exec(69870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14547", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14547" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=82438", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=82438" + }, + { + "name": "chrome-media-buffers-code-exec(69870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69870" + }, + { + "name": "75543", + "refsource": "OSVDB", + "url": "http://osvdb.org/75543" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3021.json b/2011/3xxx/CVE-2011-3021.json index 68fbed9f846..8ef5e32d980 100644 --- a/2011/3xxx/CVE-2011-3021.json +++ b/2011/3xxx/CVE-2011-3021.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=111779", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=111779" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:15020", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15020" - }, - { - "name" : "48016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=111779", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=111779" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:15020", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15020" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" + }, + { + "name": "48016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48016" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3179.json b/2011/3xxx/CVE-2011-3179.json index 7b04420ffe3..a75ab2b2645 100644 --- a/2011/3xxx/CVE-2011-3179.json +++ b/2011/3xxx/CVE-2011-3179.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7009634", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7009634" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=712158", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=712158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7009634", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7009634" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=712158", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=712158" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3811.json b/2011/3xxx/CVE-2011-3811.json index d8efd9ecbab..478b470cd77 100644 --- a/2011/3xxx/CVE-2011-3811.json +++ b/2011/3xxx/CVE-2011-3811.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/tomatocart-1.1.3", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/tomatocart-1.1.3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/tomatocart-1.1.3", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/tomatocart-1.1.3" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4432.json b/2011/4xxx/CVE-2011-4432.json index 71573a7141f..21f8eda7231 100644 --- a/2011/4xxx/CVE-2011-4432.json +++ b/2011/4xxx/CVE-2011-4432.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt" - }, - { - "name" : "8530", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt" + }, + { + "name": "8530", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8530" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4452.json b/2011/4xxx/CVE-2011-4452.json index debccee5117..60f92f8daf6 100644 --- a/2011/4xxx/CVE-2011-4452.json +++ b/2011/4xxx/CVE-2011-4452.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wush.net/trac/wikka/changeset/1819", - "refsource" : "CONFIRM", - "url" : "http://wush.net/trac/wikka/changeset/1819" - }, - { - "name" : "http://wush.net/trac/wikka/changeset/1832", - "refsource" : "CONFIRM", - "url" : "http://wush.net/trac/wikka/changeset/1832" - }, - { - "name" : "http://wush.net/trac/wikka/ticket/1097", - "refsource" : "CONFIRM", - "url" : "http://wush.net/trac/wikka/ticket/1097" - }, - { - "name" : "http://wush.net/trac/wikka/ticket/1098", - "refsource" : "CONFIRM", - "url" : "http://wush.net/trac/wikka/ticket/1098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wush.net/trac/wikka/changeset/1832", + "refsource": "CONFIRM", + "url": "http://wush.net/trac/wikka/changeset/1832" + }, + { + "name": "http://wush.net/trac/wikka/ticket/1098", + "refsource": "CONFIRM", + "url": "http://wush.net/trac/wikka/ticket/1098" + }, + { + "name": "http://wush.net/trac/wikka/changeset/1819", + "refsource": "CONFIRM", + "url": "http://wush.net/trac/wikka/changeset/1819" + }, + { + "name": "http://wush.net/trac/wikka/ticket/1097", + "refsource": "CONFIRM", + "url": "http://wush.net/trac/wikka/ticket/1097" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4888.json b/2011/4xxx/CVE-2011-4888.json index 171b03b6610..4d070e4caaf 100644 --- a/2011/4xxx/CVE-2011-4888.json +++ b/2011/4xxx/CVE-2011-4888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4888", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4888", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4952.json b/2011/4xxx/CVE-2011-4952.json index 8de144fe3cf..be8b4872b42 100644 --- a/2011/4xxx/CVE-2011-4952.json +++ b/2011/4xxx/CVE-2011-4952.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4952", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4952", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5384.json b/2013/5xxx/CVE-2013-5384.json index 08e5fdfaa87..0e5b41cd4fb 100644 --- a/2013/5xxx/CVE-2013-5384.json +++ b/2013/5xxx/CVE-2013-5384.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5384", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5384", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5666.json b/2013/5xxx/CVE-2013-5666.json index e3247f9eff5..23e5244239c 100644 --- a/2013/5xxx/CVE-2013-5666.json +++ b/2013/5xxx/CVE-2013-5666.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svnweb.freebsd.org/base?view=revision&revision=255442", - "refsource" : "CONFIRM", - "url" : "http://svnweb.freebsd.org/base?view=revision&revision=255442" - }, - { - "name" : "FreeBSD-SA-13:11", - "refsource" : "FREEBSD", - "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-13%3a11.sendfile.asc" - }, - { - "name" : "97142", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97142" - }, - { - "name" : "1029013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-13:11", + "refsource": "FREEBSD", + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13%3a11.sendfile.asc" + }, + { + "name": "97142", + "refsource": "OSVDB", + "url": "http://osvdb.org/97142" + }, + { + "name": "1029013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029013" + }, + { + "name": "http://svnweb.freebsd.org/base?view=revision&revision=255442", + "refsource": "CONFIRM", + "url": "http://svnweb.freebsd.org/base?view=revision&revision=255442" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5930.json b/2013/5xxx/CVE-2013-5930.json index fb6fd356d8c..820089f7dd5 100644 --- a/2013/5xxx/CVE-2013-5930.json +++ b/2013/5xxx/CVE-2013-5930.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt" - }, - { - "name" : "realestatephpscript-bos-xss(86986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt" + }, + { + "name": "realestatephpscript-bos-xss(86986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86986" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2066.json b/2014/2xxx/CVE-2014-2066.json index eb22a8d6ac7..4dce50cf3f6 100644 --- a/2014/2xxx/CVE-2014-2066.json +++ b/2014/2xxx/CVE-2014-2066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the \"override\" of Jenkins cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-2066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/21/2" - }, - { - "name" : "https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a", - "refsource" : "CONFIRM", - "url" : "https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the \"override\" of Jenkins cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a" + }, + { + "name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2122.json b/2014/2xxx/CVE-2014-2122.json index bfbf0935bd7..6338c7d831b 100644 --- a/2014/2xxx/CVE-2014-2122.json +++ b/2014/2xxx/CVE-2014-2122.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140318 Cisco Hosted Collaboration Solution Memory Leak Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2122" - }, - { - "name" : "66293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66293" - }, - { - "name" : "1029936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029936" - }, - { - "name" : "cisco-hosted-cve20142122-dos(91907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-hosted-cve20142122-dos(91907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91907" + }, + { + "name": "66293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66293" + }, + { + "name": "1029936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029936" + }, + { + "name": "20140318 Cisco Hosted Collaboration Solution Memory Leak Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2122" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2391.json b/2014/2xxx/CVE-2014-2391.json index 8e1242e72ed..357a1b7a374 100644 --- a/2014/2xxx/CVE-2014-2391.json +++ b/2014/2xxx/CVE-2014-2391.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140408 Open-Xchange Security Advisory 2014-04-08", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140408 Open-Xchange Security Advisory 2014-04-08", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531762" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2511.json b/2014/2xxx/CVE-2014-2511.json index 30b122ba3fd..fa05fc896e1 100644 --- a/2014/2xxx/CVE-2014-2511.json +++ b/2014/2xxx/CVE-2014-2511.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140818 ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533160/30/0/threaded" - }, - { - "name" : "69272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69272" - }, - { - "name" : "1030741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030741" - }, - { - "name" : "60561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60561" - }, - { - "name" : "emc-cve20142511-xss(95366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69272" + }, + { + "name": "emc-cve20142511-xss(95366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95366" + }, + { + "name": "20140818 ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533160/30/0/threaded" + }, + { + "name": "60561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60561" + }, + { + "name": "1030741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030741" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2518.json b/2014/2xxx/CVE-2014-2518.json index 387b08c3331..a72191c85db 100644 --- a/2014/2xxx/CVE-2014-2518.json +++ b/2014/2xxx/CVE-2014-2518.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-2518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140818 ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533159/30/0/threaded" - }, - { - "name" : "69277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69277" - }, - { - "name" : "1030742", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030742" - }, - { - "name" : "60563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60563" - }, - { - "name" : "emc-cve20142518-csrf(95365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60563" + }, + { + "name": "69277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69277" + }, + { + "name": "20140818 ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533159/30/0/threaded" + }, + { + "name": "emc-cve20142518-csrf(95365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95365" + }, + { + "name": "1030742", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030742" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6049.json b/2014/6xxx/CVE-2014-6049.json index 6d0602f4c55..681fbfc667f 100644 --- a/2014/6xxx/CVE-2014-6049.json +++ b/2014/6xxx/CVE-2014-6049.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://techdefencelabs.com/security-advisories.html", - "refsource" : "MISC", - "url" : "http://techdefencelabs.com/security-advisories.html" - }, - { - "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://techdefencelabs.com/security-advisories.html", + "refsource": "MISC", + "url": "http://techdefencelabs.com/security-advisories.html" + }, + { + "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", + "refsource": "CONFIRM", + "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6276.json b/2014/6xxx/CVE-2014-6276.json index f50535e4282..070f12544be 100644 --- a/2014/6xxx/CVE-2014-6276.json +++ b/2014/6xxx/CVE-2014-6276.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-6276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9" - }, - { - "name" : "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt" - }, - { - "name" : "DSA-3502", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9" + }, + { + "name": "DSA-3502", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3502" + }, + { + "name": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6304.json b/2014/6xxx/CVE-2014-6304.json index 0a682e736a0..b233a29ee22 100644 --- a/2014/6xxx/CVE-2014-6304.json +++ b/2014/6xxx/CVE-2014-6304.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://twitter.com/d_gianni/statuses/562628862648270849/photo/1", - "refsource" : "MISC", - "url" : "http://twitter.com/d_gianni/statuses/562628862648270849/photo/1" - }, - { - "name" : "http://licensing.pnmsoft.com/documents/Security%20Bulletins/Security%20Bulletin%202014-1.htm", - "refsource" : "CONFIRM", - "url" : "http://licensing.pnmsoft.com/documents/Security%20Bulletins/Security%20Bulletin%202014-1.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://licensing.pnmsoft.com/documents/Security%20Bulletins/Security%20Bulletin%202014-1.htm", + "refsource": "CONFIRM", + "url": "http://licensing.pnmsoft.com/documents/Security%20Bulletins/Security%20Bulletin%202014-1.htm" + }, + { + "name": "http://twitter.com/d_gianni/statuses/562628862648270849/photo/1", + "refsource": "MISC", + "url": "http://twitter.com/d_gianni/statuses/562628862648270849/photo/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6745.json b/2014/6xxx/CVE-2014-6745.json index e3972444a54..d2a68fd3df3 100644 --- a/2014/6xxx/CVE-2014-6745.json +++ b/2014/6xxx/CVE-2014-6745.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Family Location (aka com.sosocome.family) application 3.4 2014-5-20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#493793", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/493793" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Family Location (aka com.sosocome.family) application 3.4 2014-5-20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#493793", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/493793" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6920.json b/2014/6xxx/CVE-2014-6920.json index 165163dab1c..4856d22298f 100644 --- a/2014/6xxx/CVE-2014-6920.json +++ b/2014/6xxx/CVE-2014-6920.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Canal 44 (aka com.canal.canal44) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#520985", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/520985" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Canal 44 (aka com.canal.canal44) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#520985", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/520985" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7861.json b/2014/7xxx/CVE-2014-7861.json index 63e572c3471..4c525bd77ae 100644 --- a/2014/7xxx/CVE-2014-7861.json +++ b/2014/7xxx/CVE-2014-7861.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-14-346/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-14-346/" - }, - { - "name" : "70249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70249" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-14-346/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-14-346/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0301.json b/2017/0xxx/CVE-2017-0301.json index 909d6a972e8..5cbc4acf7fe 100644 --- a/2017/0xxx/CVE-2017-0301.json +++ b/2017/0xxx/CVE-2017-0301.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-12-20T00:00:00", - "ID" : "CVE-2017-0301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP APM", - "version" : { - "version_data" : [ - { - "version_value" : "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4" - }, - { - "version_value" : "11.6.0, 11.6.1" - }, - { - "version_value" : "12.0.0, 12.1.0, 12.1.1, 12.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Predictable Resource Location" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-12-20T00:00:00", + "ID": "CVE-2017-0301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4" + }, + { + "version_value": "11.6.0, 11.6.1" + }, + { + "version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K54358225", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K54358225" - }, - { - "name" : "1040040", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Predictable Resource Location" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040040", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040040" + }, + { + "name": "https://support.f5.com/csp/article/K54358225", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K54358225" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0450.json b/2017/0xxx/CVE-2017-0450.json index 8cf9c638cc6..4005e2ecea3 100644 --- a/2017/0xxx/CVE-2017-0450.json +++ b/2017/0xxx/CVE-2017-0450.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96109" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96109" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0830.json b/2017/0xxx/CVE-2017-0830.json index a45cef2d068..41fbc9477b8 100644 --- a/2017/0xxx/CVE-2017-0830.json +++ b/2017/0xxx/CVE-2017-0830.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "101775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "101775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101775" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000357.json b/2017/1000xxx/CVE-2017-1000357.json index e5b8d7ff0b9..31bd325c4c9 100644 --- a/2017/1000xxx/CVE-2017-1000357.json +++ b/2017/1000xxx/CVE-2017-1000357.json @@ -1,77 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenDaylight", - "version" : { - "version_data" : [ - { - "version_value" : "<=3.3" - }, - { - "version_value" : "<=3.4" - }, - { - "version_value" : "<=4.0" - }, - { - "version_value" : "<=4.1" - }, - { - "version_value" : "<=4.2" - }, - { - "version_value" : "<=4.4" - } - ] - } - } - ] - }, - "vendor_name" : "OpenDaylight" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf", - "refsource" : "MISC", - "url" : "https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf", + "refsource": "MISC", + "url": "https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18095.json b/2017/18xxx/CVE-2017-18095.json index 4ac14b5235b..4cf9a9dd582 100644 --- a/2017/18xxx/CVE-2017-18095.json +++ b/2017/18xxx/CVE-2017-18095.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-19T00:00:00", - "ID" : "CVE-2017-18095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Crucible", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 4.5.1" - }, - { - "version_value" : "prior to 4.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Authorization (CWE-863)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-19T00:00:00", + "ID": "CVE-2017-18095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crucible", + "version": { + "version_data": [ + { + "version_value": "prior to 4.5.1" + }, + { + "version_value": "prior to 4.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8178", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CRUC-8178" - }, - { - "name" : "103207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization (CWE-863)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103207" + }, + { + "name": "https://jira.atlassian.com/browse/CRUC-8178", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CRUC-8178" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18116.json b/2017/18xxx/CVE-2017-18116.json index 69504be2d34..5a0f3108739 100644 --- a/2017/18xxx/CVE-2017-18116.json +++ b/2017/18xxx/CVE-2017-18116.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18293.json b/2017/18xxx/CVE-2017-18293.json index 2af6730f434..52408c11a5f 100644 --- a/2017/18xxx/CVE-2017-18293.json +++ b/2017/18xxx/CVE-2017-18293.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control on TLMM Banked GPIO Registers" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control on TLMM Banked GPIO Registers" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1854.json b/2017/1xxx/CVE-2017-1854.json index 08ba5fda172..9793447b4f5 100644 --- a/2017/1xxx/CVE-2017-1854.json +++ b/2017/1xxx/CVE-2017-1854.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1854", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1854", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1996.json b/2017/1xxx/CVE-2017-1996.json index 37e80ebf0fc..573ddbe5b57 100644 --- a/2017/1xxx/CVE-2017-1996.json +++ b/2017/1xxx/CVE-2017-1996.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1996", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1996", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4163.json b/2017/4xxx/CVE-2017-4163.json index 062b62d26c4..ccdb5cd560b 100644 --- a/2017/4xxx/CVE-2017-4163.json +++ b/2017/4xxx/CVE-2017-4163.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4163", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4163", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4385.json b/2017/4xxx/CVE-2017-4385.json index 12989347831..1b557902a25 100644 --- a/2017/4xxx/CVE-2017-4385.json +++ b/2017/4xxx/CVE-2017-4385.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4385", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4385", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4554.json b/2017/4xxx/CVE-2017-4554.json index a3685f995e9..b740e315e39 100644 --- a/2017/4xxx/CVE-2017-4554.json +++ b/2017/4xxx/CVE-2017-4554.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4554", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4554", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4767.json b/2017/4xxx/CVE-2017-4767.json index 7e10636a5ce..fcbfb0766c0 100644 --- a/2017/4xxx/CVE-2017-4767.json +++ b/2017/4xxx/CVE-2017-4767.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4767", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4767", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index ff59644ca2b..788807ae56c 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Log4j", - "version" : { - "version_data" : [ - { - "version_value" : "All versions between 2.0-alpha1 and 2.8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution." - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Log4j", + "version": { + "version_data": [ + { + "version_value": "All versions between 2.0-alpha1 and 2.8.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.apache.org/jira/browse/LOG4J2-1863", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/LOG4J2-1863" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181107-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181107-0002/" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "RHSA-2017:3244", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3244" - }, - { - "name" : "RHSA-2017:2808", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2808" - }, - { - "name" : "RHSA-2017:2809", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2809" - }, - { - "name" : "RHSA-2017:2810", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2810" - }, - { - "name" : "RHSA-2017:2811", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2811" - }, - { - "name" : "RHSA-2017:2888", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2888" - }, - { - "name" : "RHSA-2017:2889", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2889" - }, - { - "name" : "RHSA-2017:3399", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3399" - }, - { - "name" : "RHSA-2017:3400", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3400" - }, - { - "name" : "RHSA-2017:2633", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2633" - }, - { - "name" : "RHSA-2017:2635", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2635" - }, - { - "name" : "RHSA-2017:2636", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2636" - }, - { - "name" : "RHSA-2017:2637", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2637" - }, - { - "name" : "RHSA-2017:2638", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2638" - }, - { - "name" : "RHSA-2017:1417", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1417" - }, - { - "name" : "RHSA-2017:1801", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1801" - }, - { - "name" : "RHSA-2017:1802", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1802" - }, - { - "name" : "RHSA-2017:2423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2423" - }, - { - "name" : "97702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97702" - }, - { - "name" : "1040200", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040200" - }, - { - "name" : "1041294", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2888", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2888" + }, + { + "name": "RHSA-2017:2809", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2809" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "97702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97702" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "1041294", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041294" + }, + { + "name": "RHSA-2017:2810", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2810" + }, + { + "name": "RHSA-2017:1801", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1801" + }, + { + "name": "RHSA-2017:2889", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2889" + }, + { + "name": "RHSA-2017:2635", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2635" + }, + { + "name": "RHSA-2017:2638", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2638" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181107-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181107-0002/" + }, + { + "name": "RHSA-2017:1417", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1417" + }, + { + "name": "RHSA-2017:2423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2423" + }, + { + "name": "RHSA-2017:2808", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2808" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "1040200", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040200" + }, + { + "name": "RHSA-2017:2636", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2017:3399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3399" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180726-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180726-0002/" + }, + { + "name": "RHSA-2017:2637", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2637" + }, + { + "name": "RHSA-2017:3244", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3244" + }, + { + "name": "https://issues.apache.org/jira/browse/LOG4J2-1863", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/LOG4J2-1863" + }, + { + "name": "RHSA-2017:3400", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3400" + }, + { + "name": "RHSA-2017:2633", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2633" + }, + { + "name": "RHSA-2017:2811", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2811" + }, + { + "name": "RHSA-2017:1802", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1802" + } + ] + } +} \ No newline at end of file