diff --git a/2006/0xxx/CVE-2006-0448.json b/2006/0xxx/CVE-2006-0448.json index 4f44d1e2d49..c982a2ea76f 100644 --- a/2006/0xxx/CVE-2006-0448.json +++ b/2006/0xxx/CVE-2006-0448.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-1/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-1/advisory/" - }, - { - "name" : "16379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16379" - }, - { - "name" : "ADV-2006-0318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0318" - }, - { - "name" : "22764", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22764" - }, - { - "name" : "22765", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22765" - }, - { - "name" : "18480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18480" - }, - { - "name" : "epost-append-copy-rename-file-creation(24336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "epost-append-copy-rename-file-creation(24336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24336" + }, + { + "name": "ADV-2006-0318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0318" + }, + { + "name": "http://secunia.com/secunia_research/2006-1/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-1/advisory/" + }, + { + "name": "22764", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22764" + }, + { + "name": "18480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18480" + }, + { + "name": "22765", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22765" + }, + { + "name": "16379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16379" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0691.json b/2006/0xxx/CVE-2006-0691.json index 968919a4405..2f7a36dba85 100644 --- a/2006/0xxx/CVE-2006-0691.json +++ b/2006/0xxx/CVE-2006-0691.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060219 [eVuln] Time Tracking Software Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425505/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/69/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/69/summary.html" - }, - { - "name" : "16630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16630" - }, - { - "name" : "16731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16731" - }, - { - "name" : "ADV-2006-0524", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0524" - }, - { - "name" : "18854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18854" - }, - { - "name" : "timetracking-edituser-auth-bypass(24570)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0524", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0524" + }, + { + "name": "16731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16731" + }, + { + "name": "http://www.evuln.com/vulns/69/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/69/summary.html" + }, + { + "name": "16630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16630" + }, + { + "name": "20060219 [eVuln] Time Tracking Software Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425505/100/0/threaded" + }, + { + "name": "18854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18854" + }, + { + "name": "timetracking-edituser-auth-bypass(24570)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24570" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3809.json b/2006/3xxx/CVE-2006-3809.json index a81591641f4..a53d66d088d 100644 --- a/2006/3xxx/CVE-2006-3809.json +++ b/2006/3xxx/CVE-2006-3809.json @@ -1,387 +1,387 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060727 rPSA-2006-0137-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-536", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-536" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-537", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-537" - }, - { - "name" : "DSA-1159", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1159" - }, - { - "name" : "DSA-1160", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1160" - }, - { - "name" : "DSA-1161", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1161" - }, - { - "name" : "GLSA-200608-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml" - }, - { - "name" : "GLSA-200608-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml" - }, - { - "name" : "GLSA-200608-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "RHSA-2006:0608", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" - }, - { - "name" : "USN-327-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/327-1/" - }, - { - "name" : "USN-329-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/329-1/" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "USN-361-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-361-1" - }, - { - "name" : "19181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19181" - }, - { - "name" : "oval:org.mitre.oval:def:9753", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9753" - }, - { - "name" : "ADV-2006-2998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2998" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016586" - }, - { - "name" : "1016587", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016587" - }, - { - "name" : "1016588", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016588" - }, - { - "name" : "19873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19873" - }, - { - "name" : "21216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21216" - }, - { - "name" : "21228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21228" - }, - { - "name" : "21229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21229" - }, - { - "name" : "21246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21246" - }, - { - "name" : "21243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21243" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21275" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21358" - }, - { - "name" : "21361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21361" - }, - { - "name" : "21250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21250" - }, - { - "name" : "21262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "21343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21343" - }, - { - "name" : "21529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21529" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "21654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21654" - }, - { - "name" : "21634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21634" - }, - { - "name" : "21675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21675" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22342" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-universalbrowserread-escalation(27990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1161", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1161" + }, + { + "name": "21243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21243" + }, + { + "name": "RHSA-2006:0608", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html" + }, + { + "name": "DSA-1160", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1160" + }, + { + "name": "GLSA-200608-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-02.xml" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "19181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19181" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "ADV-2006-2998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2998" + }, + { + "name": "USN-361-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-361-1" + }, + { + "name": "20060727 rPSA-2006-0137-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded" + }, + { + "name": "21529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21529" + }, + { + "name": "21216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21216" + }, + { + "name": "GLSA-200608-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "oval:org.mitre.oval:def:9753", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9753" + }, + { + "name": "21654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21654" + }, + { + "name": "1016588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016588" + }, + { + "name": "USN-329-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/329-1/" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html" + }, + { + "name": "21634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21634" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "1016586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016586" + }, + { + "name": "19873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19873" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "USN-327-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/327-1/" + }, + { + "name": "21361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21361" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21275" + }, + { + "name": "21246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21246" + }, + { + "name": "SUSE-SA:2006:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" + }, + { + "name": "21229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21229" + }, + { + "name": "21675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21675" + }, + { + "name": "1016587", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016587" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "21228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21228" + }, + { + "name": "21250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21250" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "22342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22342" + }, + { + "name": "21358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21358" + }, + { + "name": "https://issues.rpath.com/browse/RPL-536", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-536" + }, + { + "name": "https://issues.rpath.com/browse/RPL-537", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-537" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "mozilla-universalbrowserread-escalation(27990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27990" + }, + { + "name": "GLSA-200608-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-04.xml" + }, + { + "name": "21343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21343" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + }, + { + "name": "DSA-1159", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1159" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3810.json b/2006/3xxx/CVE-2006-3810.json index 5fdd8fc15a8..f83eca861c3 100644 --- a/2006/3xxx/CVE-2006-3810.json +++ b/2006/3xxx/CVE-2006-3810.json @@ -1,372 +1,372 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060727 rPSA-2006-0137-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-536", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-536" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-537", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-537" - }, - { - "name" : "DSA-1159", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1159" - }, - { - "name" : "DSA-1160", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1160" - }, - { - "name" : "GLSA-200608-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml" - }, - { - "name" : "GLSA-200608-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml" - }, - { - "name" : "GLSA-200608-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "RHSA-2006:0608", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" - }, - { - "name" : "USN-327-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/327-1/" - }, - { - "name" : "USN-329-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/329-1/" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "VU#911004", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/911004" - }, - { - "name" : "19181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19181" - }, - { - "name" : "oval:org.mitre.oval:def:10113", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10113" - }, - { - "name" : "ADV-2006-2998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2998" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016586" - }, - { - "name" : "1016587", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016587" - }, - { - "name" : "1016588", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016588" - }, - { - "name" : "19873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19873" - }, - { - "name" : "21216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21216" - }, - { - "name" : "21228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21228" - }, - { - "name" : "21229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21229" - }, - { - "name" : "21246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21246" - }, - { - "name" : "21243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21243" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21275" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21358" - }, - { - "name" : "21361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21361" - }, - { - "name" : "21250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21250" - }, - { - "name" : "21262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "21343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21343" - }, - { - "name" : "21529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21529" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "21654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21654" - }, - { - "name" : "21634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21634" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-xpcnativewrapper-xss(27991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21243" + }, + { + "name": "RHSA-2006:0608", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html" + }, + { + "name": "DSA-1160", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1160" + }, + { + "name": "GLSA-200608-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-02.xml" + }, + { + "name": "oval:org.mitre.oval:def:10113", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10113" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "VU#911004", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/911004" + }, + { + "name": "19181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19181" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "ADV-2006-2998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2998" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html" + }, + { + "name": "20060727 rPSA-2006-0137-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded" + }, + { + "name": "21529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21529" + }, + { + "name": "21216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21216" + }, + { + "name": "GLSA-200608-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "21654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21654" + }, + { + "name": "1016588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016588" + }, + { + "name": "USN-329-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/329-1/" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "21634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21634" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "1016586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016586" + }, + { + "name": "19873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19873" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "USN-327-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/327-1/" + }, + { + "name": "21361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21361" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21275" + }, + { + "name": "21246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21246" + }, + { + "name": "SUSE-SA:2006:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" + }, + { + "name": "21229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21229" + }, + { + "name": "1016587", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016587" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "21228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21228" + }, + { + "name": "21250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21250" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21358" + }, + { + "name": "https://issues.rpath.com/browse/RPL-536", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-536" + }, + { + "name": "https://issues.rpath.com/browse/RPL-537", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-537" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "GLSA-200608-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-04.xml" + }, + { + "name": "21343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21343" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + }, + { + "name": "mozilla-xpcnativewrapper-xss(27991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27991" + }, + { + "name": "DSA-1159", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1159" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3890.json b/2006/3xxx/CVE-2006-3890.json index 6d329519994..7cfd5805fdc 100644 --- a/2006/3xxx/CVE-2006-3890.json +++ b/2006/3xxx/CVE-2006-3890.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2006-3890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061114 Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451566/100/0/threaded" - }, - { - "name" : "2785", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2785" - }, - { - "name" : "MS06-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" - }, - { - "name" : "VU#225217", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/225217" - }, - { - "name" : "21060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21060" - }, - { - "name" : "21108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21108" - }, - { - "name" : "22891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#225217", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/225217" + }, + { + "name": "22891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22891" + }, + { + "name": "21060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21060" + }, + { + "name": "20061114 Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451566/100/0/threaded" + }, + { + "name": "2785", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2785" + }, + { + "name": "21108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21108" + }, + { + "name": "MS06-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3967.json b/2006/3xxx/CVE-2006-3967.json index 9888bb43785..687da5f5769 100644 --- a/2006/3xxx/CVE-2006-3967.json +++ b/2006/3xxx/CVE-2006-3967.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060730 com_moskool (admin.moskool.php) Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441710/100/0/threaded" - }, - { - "name" : "19245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19245" - }, - { - "name" : "1314", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1314" - }, - { - "name" : "moskool-adminmoskool-file-include(28097)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060730 com_moskool (admin.moskool.php) Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441710/100/0/threaded" + }, + { + "name": "19245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19245" + }, + { + "name": "moskool-adminmoskool-file-include(28097)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28097" + }, + { + "name": "1314", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1314" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4576.json b/2006/4xxx/CVE-2006-4576.json index 5b5c5754b12..75bbc5384e4 100644 --- a/2006/4xxx/CVE-2006-4576.json +++ b/2006/4xxx/CVE-2006-4576.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-4576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-76/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-76/advisory/" - }, - { - "name" : "21870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21870" - }, - { - "name" : "32567", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32567" - }, - { - "name" : "21694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21694" - }, - { - "name" : "theaddressbook-gif-jpg-xss(31239)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32567", + "refsource": "OSVDB", + "url": "http://osvdb.org/32567" + }, + { + "name": "http://secunia.com/secunia_research/2006-76/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-76/advisory/" + }, + { + "name": "theaddressbook-gif-jpg-xss(31239)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31239" + }, + { + "name": "21870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21870" + }, + { + "name": "21694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21694" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4710.json b/2006/4xxx/CVE-2006-4710.json index dadff369a38..e002f00df8e 100644 --- a/2006/4xxx/CVE-2006-4710.json +++ b/2006/4xxx/CVE-2006-4710.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.snellspace.com/wp/?p=426", - "refsource" : "MISC", - "url" : "http://www.snellspace.com/wp/?p=426" - }, - { - "name" : "http://www.snellspace.com/wp/?p=448", - "refsource" : "MISC", - "url" : "http://www.snellspace.com/wp/?p=448" - }, - { - "name" : "http://www.cgisecurity.com/papers/RSS-Security.ppt", - "refsource" : "MISC", - "url" : "http://www.cgisecurity.com/papers/RSS-Security.ppt" - }, - { - "name" : "http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html", - "refsource" : "CONFIRM", - "url" : "http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html" - }, - { - "name" : "http://nick.typepad.com/blog/2006/08/feed_security_a_1.html", - "refsource" : "CONFIRM", - "url" : "http://nick.typepad.com/blog/2006/08/feed_security_a_1.html" - }, - { - "name" : "20114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20114" - }, - { - "name" : "ADV-2006-3686", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3686" - }, - { - "name" : "21995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21995" - }, - { - "name" : "feeddemon-atom-feed-xss(29047)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nick.typepad.com/blog/2006/08/feed_security_a_1.html", + "refsource": "CONFIRM", + "url": "http://nick.typepad.com/blog/2006/08/feed_security_a_1.html" + }, + { + "name": "ADV-2006-3686", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3686" + }, + { + "name": "http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html", + "refsource": "CONFIRM", + "url": "http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html" + }, + { + "name": "http://www.cgisecurity.com/papers/RSS-Security.ppt", + "refsource": "MISC", + "url": "http://www.cgisecurity.com/papers/RSS-Security.ppt" + }, + { + "name": "feeddemon-atom-feed-xss(29047)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29047" + }, + { + "name": "http://www.snellspace.com/wp/?p=426", + "refsource": "MISC", + "url": "http://www.snellspace.com/wp/?p=426" + }, + { + "name": "21995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21995" + }, + { + "name": "http://www.snellspace.com/wp/?p=448", + "refsource": "MISC", + "url": "http://www.snellspace.com/wp/?p=448" + }, + { + "name": "20114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20114" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4885.json b/2006/4xxx/CVE-2006-4885.json index 8ec9c862a3c..7e23b65c2d0 100644 --- a/2006/4xxx/CVE-2006-4885.json +++ b/2006/4xxx/CVE-2006-4885.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "84177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84177" - }, - { - "name" : "ADV-2006-3629", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3629" - }, - { - "name" : "28836", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28836" - }, - { - "name" : "28837", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28837" - }, - { - "name" : "21920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28836", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28836" + }, + { + "name": "84177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84177" + }, + { + "name": "28837", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28837" + }, + { + "name": "ADV-2006-3629", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3629" + }, + { + "name": "21920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21920" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4899.json b/2006/4xxx/CVE-2006-4899.json index 6d91d7ae18f..5075b8277ad 100644 --- a/2006/4xxx/CVE-2006-4899.json +++ b/2006/4xxx/CVE-2006-4899.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a \"'\" (single quote) in the PIProfile function, which leaks the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446611/100/0/threaded" - }, - { - "name" : "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446716/100/0/threaded" - }, - { - "name" : "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt", - "refsource" : "MISC", - "url" : "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt" - }, - { - "name" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616" - }, - { - "name" : "20139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20139" - }, - { - "name" : "ADV-2006-3738", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3738" - }, - { - "name" : "29009", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29009" - }, - { - "name" : "1016910", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016910" - }, - { - "name" : "22023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22023" - }, - { - "name" : "ca-etrust-eppiservlet-path-disclosure(29102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a \"'\" (single quote) in the PIProfile function, which leaks the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt", + "refsource": "MISC", + "url": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt" + }, + { + "name": "ca-etrust-eppiservlet-path-disclosure(29102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29102" + }, + { + "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9" + }, + { + "name": "29009", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29009" + }, + { + "name": "1016910", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016910" + }, + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616" + }, + { + "name": "22023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22023" + }, + { + "name": "20139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20139" + }, + { + "name": "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446716/100/0/threaded" + }, + { + "name": "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446611/100/0/threaded" + }, + { + "name": "ADV-2006-3738", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3738" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4918.json b/2006/4xxx/CVE-2006-4918.json index 6a39f8eab89..969f702bf82 100644 --- a/2006/4xxx/CVE-2006-4918.json +++ b/2006/4xxx/CVE-2006-4918.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2396", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2396" - }, - { - "name" : "20103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20103" - }, - { - "name" : "ADV-2006-3735", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3735" - }, - { - "name" : "29041", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29041" - }, - { - "name" : "21990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21990" - }, - { - "name" : "sdb-envdir-file-include(29025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20103" + }, + { + "name": "ADV-2006-3735", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3735" + }, + { + "name": "21990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21990" + }, + { + "name": "sdb-envdir-file-include(29025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29025" + }, + { + "name": "2396", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2396" + }, + { + "name": "29041", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29041" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6017.json b/2006/6xxx/CVE-2006-6017.json index bd0443cb5c8..5961e35c6bc 100644 --- a/2006/6xxx/CVE-2006-6017.json +++ b/2006/6xxx/CVE-2006-6017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=153303", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=153303" - }, - { - "name" : "http://trac.wordpress.org/ticket/2591", - "refsource" : "CONFIRM", - "url" : "http://trac.wordpress.org/ticket/2591" - }, - { - "name" : "GLSA-200611-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200611-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml" + }, + { + "name": "http://trac.wordpress.org/ticket/2591", + "refsource": "CONFIRM", + "url": "http://trac.wordpress.org/ticket/2591" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=153303", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=153303" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6141.json b/2006/6xxx/CVE-2006-6141.json index c231f465bd3..eb58907e938 100644 --- a/2006/6xxx/CVE-2006-6141.json +++ b/2006/6xxx/CVE-2006-6141.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061117 TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451951/100/200/threaded" - }, - { - "name" : "VU#632633", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/632633" - }, - { - "name" : "21148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21148" - }, - { - "name" : "ADV-2006-4606", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4606" - }, - { - "name" : "30502", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30502" - }, - { - "name" : "22968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22968" - }, - { - "name" : "1923", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1923" - }, - { - "name" : "tftpd32-gauge-dos(30439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1923", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1923" + }, + { + "name": "21148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21148" + }, + { + "name": "22968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22968" + }, + { + "name": "VU#632633", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/632633" + }, + { + "name": "30502", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30502" + }, + { + "name": "20061117 TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451951/100/200/threaded" + }, + { + "name": "tftpd32-gauge-dos(30439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30439" + }, + { + "name": "ADV-2006-4606", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4606" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6574.json b/2006/6xxx/CVE-2006-6574.json index b4c7d663692..8715a51e015 100644 --- a/2006/6xxx/CVE-2006-6574.json +++ b/2006/6xxx/CVE-2006-6574.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.mantisbugtracker.com/view.php?id=3375", - "refsource" : "MISC", - "url" : "http://bugs.mantisbugtracker.com/view.php?id=3375" - }, - { - "name" : "http://bugs.mantisbugtracker.com/view.php?id=7364", - "refsource" : "MISC", - "url" : "http://bugs.mantisbugtracker.com/view.php?id=7364" - }, - { - "name" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35", - "refsource" : "MISC", - "url" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35" - }, - { - "name" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log", - "refsource" : "MISC", - "url" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=469627", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=469627" - }, - { - "name" : "http://www.mantisbugtracker.com/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbugtracker.com/changelog.php" - }, - { - "name" : "DSA-1467", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1467" - }, - { - "name" : "21566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21566" - }, - { - "name" : "ADV-2006-4978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4978" - }, - { - "name" : "23258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23258" - }, - { - "name" : "28551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28551" - }, - { - "name" : "mantis-customfield-info-disclosure(30870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mantis-customfield-info-disclosure(30870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870" + }, + { + "name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log", + "refsource": "MISC", + "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=469627", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" + }, + { + "name": "23258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23258" + }, + { + "name": "http://bugs.mantisbugtracker.com/view.php?id=7364", + "refsource": "MISC", + "url": "http://bugs.mantisbugtracker.com/view.php?id=7364" + }, + { + "name": "28551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28551" + }, + { + "name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35", + "refsource": "MISC", + "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35" + }, + { + "name": "ADV-2006-4978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4978" + }, + { + "name": "http://bugs.mantisbugtracker.com/view.php?id=3375", + "refsource": "MISC", + "url": "http://bugs.mantisbugtracker.com/view.php?id=3375" + }, + { + "name": "http://www.mantisbugtracker.com/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.mantisbugtracker.com/changelog.php" + }, + { + "name": "21566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21566" + }, + { + "name": "DSA-1467", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1467" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7236.json b/2006/7xxx/CVE-2006-7236.json index 01403863db0..dc0499b0f18 100644 --- a/2006/7xxx/CVE-2006-7236.json +++ b/2006/7xxx/CVE-2006-7236.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030" - }, - { - "name" : "USN-703-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/703-1/" - }, - { - "name" : "33388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33388" + }, + { + "name": "USN-703-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/703-1/" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2793.json b/2010/2xxx/CVE-2010-2793.json index 426a8894519..1e5688b86ec 100644 --- a/2010/2xxx/CVE-2010-2793.json +++ b/2010/2xxx/CVE-2010-2793.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=620355", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=620355" - }, - { - "name" : "RHSA-2010:0818", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0818.html" - }, - { - "name" : "45213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45213" - }, - { - "name" : "1024825", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024825", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024825" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=620355", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620355" + }, + { + "name": "45213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45213" + }, + { + "name": "RHSA-2010:0818", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0818.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2909.json b/2010/2xxx/CVE-2010-2909.json index acde5c0cdb1..a47af204c0c 100644 --- a/2010/2xxx/CVE-2010-2909.json +++ b/2010/2xxx/CVE-2010-2909.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100727 Re: TTVideo 1.0 Joomla Component SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512709/100/0/threaded" - }, - { - "name" : "20100727 TTVideo 1.0 Joomla Component SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512685/100/0/threaded" - }, - { - "name" : "14481", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14481" - }, - { - "name" : "http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt", - "refsource" : "MISC", - "url" : "http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt" - }, - { - "name" : "http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file", - "refsource" : "CONFIRM", - "url" : "http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file" - }, - { - "name" : "66630", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66630" - }, - { - "name" : "40716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40716" - }, - { - "name" : "ttvideocom-index-sql-injection(60662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file", + "refsource": "CONFIRM", + "url": "http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file" + }, + { + "name": "http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt", + "refsource": "MISC", + "url": "http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt" + }, + { + "name": "14481", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14481" + }, + { + "name": "20100727 TTVideo 1.0 Joomla Component SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512685/100/0/threaded" + }, + { + "name": "20100727 Re: TTVideo 1.0 Joomla Component SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512709/100/0/threaded" + }, + { + "name": "40716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40716" + }, + { + "name": "ttvideocom-index-sql-injection(60662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60662" + }, + { + "name": "66630", + "refsource": "OSVDB", + "url": "http://osvdb.org/66630" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0509.json b/2011/0xxx/CVE-2011-0509.json index 8aebef93075..9371541fccb 100644 --- a/2011/0xxx/CVE-2011-0509.json +++ b/2011/0xxx/CVE-2011-0509.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.vaadin.com/ticket/6257", - "refsource" : "MISC", - "url" : "http://dev.vaadin.com/ticket/6257" - }, - { - "name" : "http://vaadin.com/download/release/6.4/6.4.9/release-notes.html", - "refsource" : "CONFIRM", - "url" : "http://vaadin.com/download/release/6.4/6.4.9/release-notes.html" - }, - { - "name" : "45779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45779" - }, - { - "name" : "70398", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70398" - }, - { - "name" : "42879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42879" - }, - { - "name" : "vaadin-unspec-xss(64626)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45779" + }, + { + "name": "http://vaadin.com/download/release/6.4/6.4.9/release-notes.html", + "refsource": "CONFIRM", + "url": "http://vaadin.com/download/release/6.4/6.4.9/release-notes.html" + }, + { + "name": "http://dev.vaadin.com/ticket/6257", + "refsource": "MISC", + "url": "http://dev.vaadin.com/ticket/6257" + }, + { + "name": "70398", + "refsource": "OSVDB", + "url": "http://osvdb.org/70398" + }, + { + "name": "42879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42879" + }, + { + "name": "vaadin-unspec-xss(64626)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64626" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0642.json b/2011/0xxx/CVE-2011-0642.json index 89ad134bf62..0ddf5144664 100644 --- a/2011/0xxx/CVE-2011-0642.json +++ b/2011/0xxx/CVE-2011-0642.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16013", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16013" - }, - { - "name" : "70593", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70593" - }, - { - "name" : "42959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42959" - }, - { - "name" : "n13news-admin-csrf(64824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70593", + "refsource": "OSVDB", + "url": "http://osvdb.org/70593" + }, + { + "name": "16013", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16013" + }, + { + "name": "42959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42959" + }, + { + "name": "n13news-admin-csrf(64824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64824" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0663.json b/2011/0xxx/CVE-2011-0663.json index 20f5b96e1a2..52b8ac282a8 100644 --- a/2011/0xxx/CVE-2011-0663.json +++ b/2011/0xxx/CVE-2011-0663.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka \"Scripting Memory Reallocation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-031", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-031" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47249" - }, - { - "name" : "71774", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71774" - }, - { - "name" : "oval:org.mitre.oval:def:12673", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12673" - }, - { - "name" : "1025333", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025333" - }, - { - "name" : "44162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44162" - }, - { - "name" : "ADV-2011-0949", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka \"Scripting Memory Reallocation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0949", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0949" + }, + { + "name": "71774", + "refsource": "OSVDB", + "url": "http://osvdb.org/71774" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "1025333", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025333" + }, + { + "name": "MS11-031", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-031" + }, + { + "name": "47249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47249" + }, + { + "name": "oval:org.mitre.oval:def:12673", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12673" + }, + { + "name": "44162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44162" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1710.json b/2011/1xxx/CVE-2011-1710.json index e0ed2fe4d62..a3581074ee7 100644 --- a/2011/1xxx/CVE-2011-1710.json +++ b/2011/1xxx/CVE-2011-1710.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb" - }, - { - "name" : "http://support.novell.com/security/cve/CVE-2011-1710.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2011-1710.html" - }, - { - "name" : "https://bugzilla.novell.com/585440", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/585440" - }, - { - "name" : "SUSE-SU-2011:1185", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00012.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2011:1185", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00012.html" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2011-1710.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2011-1710.html" + }, + { + "name": "http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb", + "refsource": "CONFIRM", + "url": "http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb" + }, + { + "name": "https://bugzilla.novell.com/585440", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/585440" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1976.json b/2011/1xxx/CVE-2011-1976.json index 3a52dc1c7fa..86e1f3a7958 100644 --- a/2011/1xxx/CVE-2011-1976.json +++ b/2011/1xxx/CVE-2011-1976.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270" - }, - { - "name" : "HPSBGN03534", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=145326307707460&w=2" - }, - { - "name" : "MS11-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067" - }, - { - "name" : "TA11-221A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" - }, - { - "name" : "49033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49033" - }, - { - "name" : "oval:org.mitre.oval:def:12773", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067" + }, + { + "name": "HPSBGN03534", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=145326307707460&w=2" + }, + { + "name": "oval:org.mitre.oval:def:12773", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773" + }, + { + "name": "49033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49033" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270" + }, + { + "name": "TA11-221A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1978.json b/2011/1xxx/CVE-2011-1978.json index 14fa9d5ccc2..f83604aba6f 100644 --- a/2011/1xxx/CVE-2011-1978.json +++ b/2011/1xxx/CVE-2011-1978.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Socket Restriction Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-069" - }, - { - "name" : "oval:org.mitre.oval:def:12901", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Socket Restriction Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12901", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12901" + }, + { + "name": "MS11-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-069" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4030.json b/2011/4xxx/CVE-2011-4030.json index d80e8c44712..34ed5a82774 100644 --- a/2011/4xxx/CVE-2011-4030.json +++ b/2011/4xxx/CVE-2011-4030.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plone.org/products/plone-hotfix/releases/20110928", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone-hotfix/releases/20110928" - }, - { - "name" : "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" - }, - { - "name" : "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0", - "refsource" : "CONFIRM", - "url" : "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" - }, - { - "name" : "50287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50287" - }, - { - "name" : "46323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0", + "refsource": "CONFIRM", + "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" + }, + { + "name": "46323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46323" + }, + { + "name": "50287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50287" + }, + { + "name": "http://plone.org/products/plone-hotfix/releases/20110928", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone-hotfix/releases/20110928" + }, + { + "name": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4562.json b/2011/4xxx/CVE-2011-4562.json index 7182595b397..c2353b8fc5c 100644 --- a/2011/4xxx/CVE-2011-4562.json +++ b/2011/4xxx/CVE-2011-4562.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html", - "refsource" : "MISC", - "url" : "http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html" - }, - { - "name" : "http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection" - }, - { - "name" : "http://wordpress.org/extend/plugins/redirection/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/redirection/changelog/" - }, - { - "name" : "49985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49985" - }, - { - "name" : "76092", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76092" - }, - { - "name" : "46310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46310" - }, - { - "name" : "wpredirection-referer-header-xss(70373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/extend/plugins/redirection/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/redirection/changelog/" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection" + }, + { + "name": "49985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49985" + }, + { + "name": "wpredirection-referer-header-xss(70373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70373" + }, + { + "name": "http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html", + "refsource": "MISC", + "url": "http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html" + }, + { + "name": "76092", + "refsource": "OSVDB", + "url": "http://osvdb.org/76092" + }, + { + "name": "http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt" + }, + { + "name": "46310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46310" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4744.json b/2011/4xxx/CVE-2011-4744.json index 9031a878542..c21479bfc73 100644 --- a/2011/4xxx/CVE-2011-4744.json +++ b/2011/4xxx/CVE-2011-4744.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" - }, - { - "name" : "plesk-headers-unspecified(72315)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" + }, + { + "name": "plesk-headers-unspecified(72315)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72315" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5276.json b/2011/5xxx/CVE-2011-5276.json index e8b7438689b..c4264a8a58b 100644 --- a/2011/5xxx/CVE-2011-5276.json +++ b/2011/5xxx/CVE-2011-5276.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a" - }, - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632" - }, - { - "name" : "DSA-2365", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632" + }, + { + "name": "DSA-2365", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2365" + }, + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2763.json b/2014/2xxx/CVE-2014-2763.json index ac06f744d63..deaec22af28 100644 --- a/2014/2xxx/CVE-2014-2763.json +++ b/2014/2xxx/CVE-2014-2763.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67915" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "67915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67915" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2847.json b/2014/2xxx/CVE-2014-2847.json index 1ddbd1649eb..e42245d0d3a 100644 --- a/2014/2xxx/CVE-2014-2847.json +++ b/2014/2xxx/CVE-2014-2847.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32660", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32660" - }, - { - "name" : "66590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66590" - }, - { - "name" : "105364", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/105364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32660", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32660" + }, + { + "name": "66590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66590" + }, + { + "name": "105364", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/105364" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3008.json b/2014/3xxx/CVE-2014-3008.json index 0958752bdf4..2c8bd2ea929 100644 --- a/2014/3xxx/CVE-2014-3008.json +++ b/2014/3xxx/CVE-2014-3008.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32885", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32885" - }, - { - "name" : "20140415 Unitrends enterprise backup remote unauthenticated root", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/204" - }, - { - "name" : "https://gist.github.com/brandonprry/10745756", - "refsource" : "MISC", - "url" : "https://gist.github.com/brandonprry/10745756" - }, - { - "name" : "66928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66928" - }, - { - "name" : "58001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58001" - }, - { - "name" : "unitrends-snmpod-command-exec(92642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "unitrends-snmpod-command-exec(92642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92642" + }, + { + "name": "58001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58001" + }, + { + "name": "https://gist.github.com/brandonprry/10745756", + "refsource": "MISC", + "url": "https://gist.github.com/brandonprry/10745756" + }, + { + "name": "66928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66928" + }, + { + "name": "20140415 Unitrends enterprise backup remote unauthenticated root", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/204" + }, + { + "name": "32885", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32885" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3508.json b/2014/3xxx/CVE-2014-3508.json index c26add03888..5ece1208acf 100644 --- a/2014/3xxx/CVE-2014-3508.json +++ b/2014/3xxx/CVE-2014-3508.json @@ -1,422 +1,422 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", - "refsource" : "MLIST", - "url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" - }, - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87" - }, - { - "name" : "https://www.openssl.org/news/secadv_20140806.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20140806.txt" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1053.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1053.html" - }, - { - "name" : "http://www.tenable.com/security/tns-2014-06", - "refsource" : "CONFIRM", - "url" : "http://www.tenable.com/security/tns-2014-06" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" - }, - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681752", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681752" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127490", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127490" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1052.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1052.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" - }, - { - "name" : "https://support.citrix.com/article/CTX216642", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX216642" - }, - { - "name" : "DSA-2998", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2998" - }, - { - "name" : "FEDORA-2014-9301", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" - }, - { - "name" : "FEDORA-2014-9308", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" - }, - { - "name" : "FreeBSD-SA-14:18", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc" - }, - { - "name" : "HPSBGN03099", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140973896703549&w=2" - }, - { - "name" : "HPSBOV03099", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141077370928502&w=2" - }, - { - "name" : "HPSBUX03095", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2" - }, - { - "name" : "SSRT101674", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2" - }, - { - "name" : "HPSBMU03260", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2" - }, - { - "name" : "SSRT101894", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2" - }, - { - "name" : "HPSBMU03267", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624590206005&w=2" - }, - { - "name" : "HPSBHF03293", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "SSRT101846", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "HPSBMU03304", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142791032306609&w=2" - }, - { - "name" : "HPSBMU03261", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290522027658&w=2" - }, - { - "name" : "HPSBMU03263", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290437727362&w=2" - }, - { - "name" : "MDVSA-2014:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158" - }, - { - "name" : "NetBSD-SA2014-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" - }, - { - "name" : "RHSA-2014:1256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1256.html" - }, - { - "name" : "RHSA-2014:1297", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1297.html" - }, - { - "name" : "openSUSE-SU-2014:1052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" - }, - { - "name" : "SUSE-SU-2015:0578", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" - }, - { - "name" : "openSUSE-SU-2016:0640", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" - }, - { - "name" : "69075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69075" - }, - { - "name" : "1030693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030693" - }, - { - "name" : "59221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59221" - }, - { - "name" : "60687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60687" - }, - { - "name" : "60824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60824" - }, - { - "name" : "60861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60861" - }, - { - "name" : "60917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60917" - }, - { - "name" : "60921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60921" - }, - { - "name" : "60938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60938" - }, - { - "name" : "61775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61775" - }, - { - "name" : "61959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61959" - }, - { - "name" : "59756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59756" - }, - { - "name" : "60410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60410" - }, - { - "name" : "60803", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60803" - }, - { - "name" : "61214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61214" - }, - { - "name" : "61017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61017" - }, - { - "name" : "61100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61100" - }, - { - "name" : "61171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61171" - }, - { - "name" : "61250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61250" - }, - { - "name" : "61392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61392" - }, - { - "name" : "61184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61184" - }, - { - "name" : "59743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59743" - }, - { - "name" : "60778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60778" - }, - { - "name" : "58962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58962" - }, - { - "name" : "59700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59700" - }, - { - "name" : "59710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59710" - }, - { - "name" : "60022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60022" - }, - { - "name" : "60684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60684" - }, - { - "name" : "60221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60221" - }, - { - "name" : "60493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60493" - }, - { - "name" : "openssl-cve20143508-info-disc(95165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1297", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html" + }, + { + "name": "openSUSE-SU-2014:1052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" + }, + { + "name": "HPSBGN03099", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140973896703549&w=2" + }, + { + "name": "61214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61214" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html" + }, + { + "name": "60221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60221" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" + }, + { + "name": "60778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60778" + }, + { + "name": "61184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61184" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure" + }, + { + "name": "SSRT101846", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "RHSA-2014:1256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html" + }, + { + "name": "60022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60022" + }, + { + "name": "https://www.openssl.org/news/secadv_20140806.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20140806.txt" + }, + { + "name": "61017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61017" + }, + { + "name": "61250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61250" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" + }, + { + "name": "69075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69075" + }, + { + "name": "HPSBMU03304", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2" + }, + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html" + }, + { + "name": "HPSBHF03293", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" + }, + { + "name": "60410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60410" + }, + { + "name": "HPSBMU03260", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" + }, + { + "name": "60803", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60803" + }, + { + "name": "60824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60824" + }, + { + "name": "HPSBUX03095", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2" + }, + { + "name": "59700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59700" + }, + { + "name": "FEDORA-2014-9308", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" + }, + { + "name": "1030693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030693" + }, + { + "name": "59743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59743" + }, + { + "name": "openSUSE-SU-2016:0640", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" + }, + { + "name": "60861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60861" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752" + }, + { + "name": "60917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60917" + }, + { + "name": "http://www.tenable.com/security/tns-2014-06", + "refsource": "CONFIRM", + "url": "http://www.tenable.com/security/tns-2014-06" + }, + { + "name": "NetBSD-SA2014-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" + }, + { + "name": "60493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60493" + }, + { + "name": "59710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59710" + }, + { + "name": "60921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60921" + }, + { + "name": "HPSBOV03099", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141077370928502&w=2" + }, + { + "name": "59221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59221" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" + }, + { + "name": "61100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61100" + }, + { + "name": "SUSE-SU-2015:0578", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" + }, + { + "name": "FreeBSD-SA-14:18", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc" + }, + { + "name": "61775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61775" + }, + { + "name": "SSRT101894", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" + }, + { + "name": "DSA-2998", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2998" + }, + { + "name": "HPSBMU03263", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2" + }, + { + "name": "FEDORA-2014-9301", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" + }, + { + "name": "SSRT101674", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2" + }, + { + "name": "61959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61959" + }, + { + "name": "59756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59756" + }, + { + "name": "HPSBMU03267", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2" + }, + { + "name": "HPSBMU03261", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" + }, + { + "name": "58962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58962" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html" + }, + { + "name": "61392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61392" + }, + { + "name": "60938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60938" + }, + { + "name": "60684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60684" + }, + { + "name": "https://support.citrix.com/article/CTX216642", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX216642" + }, + { + "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", + "refsource": "MLIST", + "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490" + }, + { + "name": "openssl-cve20143508-info-disc(95165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165" + }, + { + "name": "61171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61171" + }, + { + "name": "60687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60687" + }, + { + "name": "MDVSA-2014:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3521.json b/2014/3xxx/CVE-2014-3521.json index 15f3107eb4f..28376a2ba4c 100644 --- a/2014/3xxx/CVE-2014-3521.json +++ b/2014/3xxx/CVE-2014-3521.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1112813", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1112813" - }, - { - "name" : "RHSA-2014:1194", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1194.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813" + }, + { + "name": "RHSA-2014:1194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3562.json b/2014/3xxx/CVE-2014-3562.json index 5ca2ecdbd5a..017632034bd 100644 --- a/2014/3xxx/CVE-2014-3562.json +++ b/2014/3xxx/CVE-2014-3562.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123477", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123477" - }, - { - "name" : "RHSA-2014:1031", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1031.html" - }, - { - "name" : "RHSA-2014:1032", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1032.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1031", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1031.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477" + }, + { + "name": "RHSA-2014:1032", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1032.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3750.json b/2014/3xxx/CVE-2014-3750.json index 8710272c30e..a101bc73d01 100644 --- a/2014/3xxx/CVE-2014-3750.json +++ b/2014/3xxx/CVE-2014-3750.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks", - "refsource" : "MISC", - "url" : "http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks", + "refsource": "MISC", + "url": "http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6192.json b/2014/6xxx/CVE-2014-6192.json index 69411995bcd..03663a32578 100644 --- a/2014/6xxx/CVE-2014-6192.json +++ b/2014/6xxx/CVE-2014-6192.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700252", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6284.json b/2014/6xxx/CVE-2014-6284.json index 013fbe89e44..847e1502bbb 100644 --- a/2014/6xxx/CVE-2014-6284.json +++ b/2014/6xxx/CVE-2014-6284.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6567.json b/2014/6xxx/CVE-2014-6567.json index 20e218e4dc3..6dc3a1b3951 100644 --- a/2014/6xxx/CVE-2014-6567.json +++ b/2014/6xxx/CVE-2014-6567.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf", - "refsource" : "MISC", - "url" : "http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72134" - }, - { - "name" : "1031572", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf", + "refsource": "MISC", + "url": "http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf" + }, + { + "name": "1031572", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031572" + }, + { + "name": "72134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72134" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6714.json b/2014/6xxx/CVE-2014-6714.json index 2fe0909a902..a0c4b912a76 100644 --- a/2014/6xxx/CVE-2014-6714.json +++ b/2014/6xxx/CVE-2014-6714.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#289017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/289017" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#289017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/289017" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6826.json b/2014/6xxx/CVE-2014-6826.json index ee0cf4025a3..21d28e2d49b 100644 --- a/2014/6xxx/CVE-2014-6826.json +++ b/2014/6xxx/CVE-2014-6826.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#741249", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/741249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#741249", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/741249" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6907.json b/2014/6xxx/CVE-2014-6907.json index 3d4a3ae2362..8a24005589d 100644 --- a/2014/6xxx/CVE-2014-6907.json +++ b/2014/6xxx/CVE-2014-6907.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#455865", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/455865" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#455865", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/455865" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7251.json b/2014/7xxx/CVE-2014-7251.json index 9a6397c84cd..92d57a8643d 100644 --- a/2014/7xxx/CVE-2014-7251.json +++ b/2014/7xxx/CVE-2014-7251.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf" - }, - { - "name" : "JVN#54775800", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN54775800/index.html" - }, - { - "name" : "JVNDB-2014-000141", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html" - }, - { - "name" : "fast-tools-cve20147251-info-disc(99018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf", + "refsource": "CONFIRM", + "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf" + }, + { + "name": "JVN#54775800", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN54775800/index.html" + }, + { + "name": "fast-tools-cve20147251-info-disc(99018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99018" + }, + { + "name": "JVNDB-2014-000141", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7255.json b/2014/7xxx/CVE-2014-7255.json index fd1fc92541d..4726e954fda 100644 --- a/2014/7xxx/CVE-2014-7255.json +++ b/2014/7xxx/CVE-2014-7255.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.seil.jp/support/security/a01510.html", - "refsource" : "CONFIRM", - "url" : "http://www.seil.jp/support/security/a01510.html" - }, - { - "name" : "JVN#21907573", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN21907573/index.html" - }, - { - "name" : "JVNDB-2014-000135", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000135.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000135", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000135.html" + }, + { + "name": "http://www.seil.jp/support/security/a01510.html", + "refsource": "CONFIRM", + "url": "http://www.seil.jp/support/security/a01510.html" + }, + { + "name": "JVN#21907573", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN21907573/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7399.json b/2014/7xxx/CVE-2014-7399.json index 505e8c266a7..1000cadec60 100644 --- a/2014/7xxx/CVE-2014-7399.json +++ b/2014/7xxx/CVE-2014-7399.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#236041", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/236041" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#236041", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/236041" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7472.json b/2014/7xxx/CVE-2014-7472.json index 10dce4cb673..7c28bee97e5 100644 --- a/2014/7xxx/CVE-2014-7472.json +++ b/2014/7xxx/CVE-2014-7472.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#619105", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/619105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#619105", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/619105" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7496.json b/2014/7xxx/CVE-2014-7496.json index 42e560a4510..c9ce76846be 100644 --- a/2014/7xxx/CVE-2014-7496.json +++ b/2014/7xxx/CVE-2014-7496.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7496", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7496", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2067.json b/2016/2xxx/CVE-2016-2067.json index 8f2196b3be3..64066312ef7 100644 --- a/2016/2xxx/CVE-2016-2067.json +++ b/2016/2xxx/CVE-2016-2067.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0" - }, - { - "name" : "https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0741.json b/2017/0xxx/CVE-2017-0741.json index 080a5bc93fb..772f7b7acde 100644 --- a/2017/0xxx/CVE-2017-0741.json +++ b/2017/0xxx/CVE-2017-0741.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-08-07T00:00:00", - "ID" : "CVE-2017-0741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-08-07T00:00:00", + "ID": "CVE-2017-0741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-08-01" - }, - { - "name" : "100209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100209" + }, + { + "name": "https://source.android.com/security/bulletin/2017-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-08-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18235.json b/2017/18xxx/CVE-2017-18235.json index 5a42e586958..2e39355eeb4 100644 --- a/2017/18xxx/CVE-2017-18235.json +++ b/2017/18xxx/CVE-2017-18235.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=101913", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=101913" - }, - { - "name" : "https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=101913", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=101913" + }, + { + "name": "https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1534.json b/2017/1xxx/CVE-2017-1534.json index 8a7d51a14bd..93adff38814 100644 --- a/2017/1xxx/CVE-2017-1534.json +++ b/2017/1xxx/CVE-2017-1534.json @@ -1,129 +1,129 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-05T00:00:00", - "ID" : "CVE-2017-1534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "8.0.0" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "9.0.0" - }, - { - "version_value" : "9.0.1.0" - }, - { - "version_value" : "9.0.2.0" - }, - { - "version_value" : "8.0.1.5" - }, - { - "version_value" : "9.0.2.1" - }, - { - "version_value" : "9.0.3" - }, - { - "version_value" : "8.0.1.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-05T00:00:00", + "ID": "CVE-2017-1534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0.0.1" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "9.0.0" + }, + { + "version_value": "9.0.1.0" + }, + { + "version_value": "9.0.2.0" + }, + { + "version_value": "8.0.1.5" + }, + { + "version_value": "9.0.2.1" + }, + { + "version_value": "9.0.3" + }, + { + "version_value": "8.0.1.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008936", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008936" - }, - { - "name" : "102509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102509" - }, - { - "name" : "1040169", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22008936", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22008936" + }, + { + "name": "1040169", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040169" + }, + { + "name": "102509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102509" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1573.json b/2017/1xxx/CVE-2017-1573.json index 62b9a554ec1..5ea3067caa7 100644 --- a/2017/1xxx/CVE-2017-1573.json +++ b/2017/1xxx/CVE-2017-1573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5315.json b/2017/5xxx/CVE-2017-5315.json index e03535e3268..d256c6450d8 100644 --- a/2017/5xxx/CVE-2017-5315.json +++ b/2017/5xxx/CVE-2017-5315.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5315", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5315", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file