diff --git a/2006/0xxx/CVE-2006-0121.json b/2006/0xxx/CVE-2006-0121.json index ed50af390e7..b0257860a48 100644 --- a/2006/0xxx/CVE-2006-0121.json +++ b/2006/0xxx/CVE-2006-0121.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007054", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007054" - }, - { - "name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0,MKIN67MQVW", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0,MKIN67MQVW" - }, - { - "name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0,MKIN693QUT", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0,MKIN693QUT" - }, - { - "name" : "16158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16158" - }, - { - "name" : "ADV-2006-0081", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0081" - }, - { - "name" : "18328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18328" - }, - { - "name" : "lotus-ssl-handshake-dos(24223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054" + }, + { + "name": "16158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16158" + }, + { + "name": "18328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18328" + }, + { + "name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0,MKIN693QUT", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0,MKIN693QUT" + }, + { + "name": "lotus-ssl-handshake-dos(24223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24223" + }, + { + "name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0,MKIN67MQVW", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0,MKIN67MQVW" + }, + { + "name": "ADV-2006-0081", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0081" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0296.json b/2006/0xxx/CVE-2006-0296.json index faa542f55c0..285533e0472 100644 --- a/2006/0xxx/CVE-2006-0296.json +++ b/2006/0xxx/CVE-2006-0296.json @@ -1,377 +1,377 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-05.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=319847", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=319847" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1044" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "FEDORA-2006-075", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" - }, - { - "name" : "FEDORA-2006-076", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" - }, - { - "name" : "FLSA-2006:180036-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/425978/100/0/threaded" - }, - { - "name" : "FLSA:180036-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/425975/100/0/threaded" - }, - { - "name" : "GLSA-200604-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" - }, - { - "name" : "GLSA-200604-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" - }, - { - "name" : "GLSA-200605-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" - }, - { - "name" : "HPSBUX02122", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "SSRT061158", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:036", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" - }, - { - "name" : "MDKSA-2006:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" - }, - { - "name" : "MDKSA-2006:037", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" - }, - { - "name" : "RHSA-2006:0199", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0199.html" - }, - { - "name" : "RHSA-2006:0200", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0200.html" - }, - { - "name" : "RHSA-2006:0330", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "20060201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "USN-275-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/275-1/" - }, - { - "name" : "USN-276-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/276-1/" - }, - { - "name" : "USN-271-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/271-1/" - }, - { - "name" : "TA06-038A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-038A.html" - }, - { - "name" : "VU#592425", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/592425" - }, - { - "name" : "16476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16476" - }, - { - "name" : "oval:org.mitre.oval:def:11803", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803" - }, - { - "name" : "ADV-2006-0413", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0413" - }, - { - "name" : "ADV-2006-3391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3391" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "oval:org.mitre.oval:def:1493", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493" - }, - { - "name" : "1015570", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015570" - }, - { - "name" : "18700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18700" - }, - { - "name" : "18703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18703" - }, - { - "name" : "18704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18704" - }, - { - "name" : "18708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18708" - }, - { - "name" : "18709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18709" - }, - { - "name" : "18705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18705" - }, - { - "name" : "18706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18706" - }, - { - "name" : "19230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19230" - }, - { - "name" : "19759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19759" - }, - { - "name" : "19821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19821" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - }, - { - "name" : "19852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19852" - }, - { - "name" : "19862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19862" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19902" - }, - { - "name" : "19950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19950" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "19746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19746" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "19780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19780" - }, - { - "name" : "20051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20051" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "mozilla-xuldocument-command-execution(24434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:036", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" + }, + { + "name": "USN-275-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/275-1/" + }, + { + "name": "RHSA-2006:0330", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html" + }, + { + "name": "19902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19902" + }, + { + "name": "MDKSA-2006:037", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" + }, + { + "name": "USN-276-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/276-1/" + }, + { + "name": "HPSBUX02122", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "19780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19780" + }, + { + "name": "19821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19821" + }, + { + "name": "FEDORA-2006-075", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" + }, + { + "name": "GLSA-200604-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "19862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19862" + }, + { + "name": "19230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19230" + }, + { + "name": "18704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18704" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "18709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18709" + }, + { + "name": "mozilla-xuldocument-command-execution(24434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24434" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "USN-271-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/271-1/" + }, + { + "name": "18705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18705" + }, + { + "name": "GLSA-200604-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" + }, + { + "name": "16476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16476" + }, + { + "name": "ADV-2006-0413", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0413" + }, + { + "name": "1015570", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015570" + }, + { + "name": "19746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19746" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "VU#592425", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/592425" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=319847", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=319847" + }, + { + "name": "oval:org.mitre.oval:def:11803", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803" + }, + { + "name": "18700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18700" + }, + { + "name": "102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19759" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-05.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-05.html" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "RHSA-2006:0200", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html" + }, + { + "name": "18706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18706" + }, + { + "name": "oval:org.mitre.oval:def:1493", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493" + }, + { + "name": "SSRT061158", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "FEDORA-2006-076", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" + }, + { + "name": "MDKSA-2006:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" + }, + { + "name": "RHSA-2006:0199", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html" + }, + { + "name": "TA06-038A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-038A.html" + }, + { + "name": "20051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20051" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "FLSA-2006:180036-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded" + }, + { + "name": "20060201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "18708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18708" + }, + { + "name": "FLSA:180036-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "19852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19852" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "GLSA-200605-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" + }, + { + "name": "ADV-2006-3391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3391" + }, + { + "name": "18703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18703" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "19950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19950" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + }, + { + "name": "DSA-1044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1044" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0736.json b/2006/0xxx/CVE-2006-0736.json index 11bb576b4fc..33761db83ca 100644 --- a/2006/0xxx/CVE-2006-0736.json +++ b/2006/0xxx/CVE-2006-0736.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SA:2006:010", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_10_casa.html" - }, - { - "name" : "16779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16779" - }, - { - "name" : "ADV-2006-0693", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0693" - }, - { - "name" : "18995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2006:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_10_casa.html" + }, + { + "name": "ADV-2006-0693", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0693" + }, + { + "name": "16779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16779" + }, + { + "name": "18995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18995" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0877.json b/2006/0xxx/CVE-2006-0877.json index c545ad6983a..a4d1787abcf 100644 --- a/2006/0xxx/CVE-2006-0877.json +++ b/2006/0xxx/CVE-2006-0877.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060304 [eVuln] Easy Forum XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426760/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/85/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/85/summary.html" - }, - { - "name" : "http://hot-things.net/forum/show.php?f=2&topic=20060224080919", - "refsource" : "CONFIRM", - "url" : "http://hot-things.net/forum/show.php?f=2&topic=20060224080919" - }, - { - "name" : "16958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16958" - }, - { - "name" : "ADV-2006-0706", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0706" - }, - { - "name" : "23430", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23430" - }, - { - "name" : "18996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18996" - }, - { - "name" : "easyforum-join-xss(24831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hot-things.net/forum/show.php?f=2&topic=20060224080919", + "refsource": "CONFIRM", + "url": "http://hot-things.net/forum/show.php?f=2&topic=20060224080919" + }, + { + "name": "16958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16958" + }, + { + "name": "18996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18996" + }, + { + "name": "easyforum-join-xss(24831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24831" + }, + { + "name": "http://evuln.com/vulns/85/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/85/summary.html" + }, + { + "name": "23430", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23430" + }, + { + "name": "ADV-2006-0706", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0706" + }, + { + "name": "20060304 [eVuln] Easy Forum XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426760/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1004.json b/2006/1xxx/CVE-2006-1004.json index 669e0496d72..c7db9fe3486 100644 --- a/2006/1xxx/CVE-2006-1004.json +++ b/2006/1xxx/CVE-2006-1004.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16865" - }, - { - "name" : "ADV-2006-0763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0763" - }, - { - "name" : "23548", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23548" - }, - { - "name" : "19025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19025" - }, - { - "name" : "parodia-agencyprofile-xss(24971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0763" + }, + { + "name": "23548", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23548" + }, + { + "name": "parodia-agencyprofile-xss(24971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24971" + }, + { + "name": "16865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16865" + }, + { + "name": "19025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19025" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1334.json b/2006/1xxx/CVE-2006-1334.json index 499f669041a..1db8110740e 100644 --- a/2006/1xxx/CVE-2006-1334.json +++ b/2006/1xxx/CVE-2006-1334.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060327 [eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428903/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/101/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/101/summary.html" - }, - { - "name" : "17159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17159" - }, - { - "name" : "17247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17247" - }, - { - "name" : "ADV-2006-0994", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0994" - }, - { - "name" : "23946", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23946" - }, - { - "name" : "23945", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23945" - }, - { - "name" : "1015818", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015818" - }, - { - "name" : "19273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19273" - }, - { - "name" : "638", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/638" - }, - { - "name" : "maianweblog-printmail-sql-injection(25295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23946", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23946" + }, + { + "name": "638", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/638" + }, + { + "name": "ADV-2006-0994", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0994" + }, + { + "name": "17247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17247" + }, + { + "name": "20060327 [eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428903/100/0/threaded" + }, + { + "name": "17159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17159" + }, + { + "name": "1015818", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015818" + }, + { + "name": "http://evuln.com/vulns/101/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/101/summary.html" + }, + { + "name": "19273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19273" + }, + { + "name": "maianweblog-printmail-sql-injection(25295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25295" + }, + { + "name": "23945", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23945" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1466.json b/2006/1xxx/CVE-2006-1466.json index f5aa8f05439..4f08b9be0c6 100644 --- a/2006/1xxx/CVE-2006-1466.json +++ b/2006/1xxx/CVE-2006-1466.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-23", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00004.html" - }, - { - "name" : "18091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18091" - }, - { - "name" : "ADV-2006-1950", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1950" - }, - { - "name" : "25889", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25889" - }, - { - "name" : "1016143", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016143" - }, - { - "name" : "20267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20267" - }, - { - "name" : "xcode-webobjects-unauth-access(26634)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-05-23", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00004.html" + }, + { + "name": "1016143", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016143" + }, + { + "name": "25889", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25889" + }, + { + "name": "xcode-webobjects-unauth-access(26634)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26634" + }, + { + "name": "ADV-2006-1950", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1950" + }, + { + "name": "20267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20267" + }, + { + "name": "18091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18091" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1914.json b/2006/1xxx/CVE-2006-1914.json index aefaf01fa9b..a571d600443 100644 --- a/2006/1xxx/CVE-2006-1914.json +++ b/2006/1xxx/CVE-2006-1914.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060416 DbbS<=2.0-alpha Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431117" - }, - { - "name" : "771", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/771" - }, - { - "name" : "dbbs-multiple-path-disclosure(25922)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dbbs-multiple-path-disclosure(25922)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25922" + }, + { + "name": "20060416 DbbS<=2.0-alpha Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431117" + }, + { + "name": "771", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/771" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4142.json b/2006/4xxx/CVE-2006-4142.json index 106a6af1cc2..823cb1acc7d 100644 --- a/2006/4xxx/CVE-2006-4142.json +++ b/2006/4xxx/CVE-2006-4142.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060811 VWar <= 1.50 R14 (n) Remote SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442989/100/0/threaded" - }, - { - "name" : "2170", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2170" - }, - { - "name" : "http://www.vwar.de/", - "refsource" : "CONFIRM", - "url" : "http://www.vwar.de/" - }, - { - "name" : "20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-April/001519.html" - }, - { - "name" : "19472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19472" - }, - { - "name" : "1384", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1384" - }, - { - "name" : "virtualwar-online-sql-injection(28323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2170", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2170" + }, + { + "name": "19472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19472" + }, + { + "name": "20060811 VWar <= 1.50 R14 (n) Remote SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442989/100/0/threaded" + }, + { + "name": "20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html" + }, + { + "name": "virtualwar-online-sql-injection(28323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28323" + }, + { + "name": "http://www.vwar.de/", + "refsource": "CONFIRM", + "url": "http://www.vwar.de/" + }, + { + "name": "1384", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1384" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4480.json b/2006/4xxx/CVE-2006-4480.json index 9068713b35b..3b7551d0d6f 100644 --- a/2006/4xxx/CVE-2006-4480.json +++ b/2006/4xxx/CVE-2006-4480.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444749/100/0/threaded" - }, - { - "name" : "1478", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060830 Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444749/100/0/threaded" + }, + { + "name": "1478", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1478" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4723.json b/2006/4xxx/CVE-2006-4723.json index 09933fc3283..fd399e5378c 100644 --- a/2006/4xxx/CVE-2006-4723.json +++ b/2006/4xxx/CVE-2006-4723.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2328", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2328" - }, - { - "name" : "19918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19918" - }, - { - "name" : "ADV-2006-3542", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3542" - }, - { - "name" : "21833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21833" - }, - { - "name" : "raidenhttpd-check-file-include(28821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3542", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3542" + }, + { + "name": "raidenhttpd-check-file-include(28821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28821" + }, + { + "name": "19918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19918" + }, + { + "name": "2328", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2328" + }, + { + "name": "21833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21833" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4796.json b/2006/4xxx/CVE-2006-4796.json index e6f7ba8c51a..b232831202e 100644 --- a/2006/4xxx/CVE-2006-4796.json +++ b/2006/4xxx/CVE-2006-4796.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060913 Snitz Forums 2000 v3.4.06", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445902/100/0/threaded" - }, - { - "name" : "20060913 Re: Snitz Forums 2000 v3.4.06", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446043/100/0/threaded" - }, - { - "name" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62773", - "refsource" : "CONFIRM", - "url" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62773" - }, - { - "name" : "20004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20004" - }, - { - "name" : "ADV-2006-3632", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3632" - }, - { - "name" : "28832", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28832" - }, - { - "name" : "21946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21946" - }, - { - "name" : "1578", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1578" - }, - { - "name" : "snitzforums-forum-xss(28921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060913 Snitz Forums 2000 v3.4.06", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445902/100/0/threaded" + }, + { + "name": "1578", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1578" + }, + { + "name": "snitzforums-forum-xss(28921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28921" + }, + { + "name": "21946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21946" + }, + { + "name": "28832", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28832" + }, + { + "name": "20004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20004" + }, + { + "name": "ADV-2006-3632", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3632" + }, + { + "name": "20060913 Re: Snitz Forums 2000 v3.4.06", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446043/100/0/threaded" + }, + { + "name": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62773", + "refsource": "CONFIRM", + "url": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62773" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4837.json b/2006/4xxx/CVE-2006-4837.json index c2848013b9c..fa9d6f2a208 100644 --- a/2006/4xxx/CVE-2006-4837.json +++ b/2006/4xxx/CVE-2006-4837.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060914 DCP-Portal SE 6.0 multiple injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445996/100/0/threaded" - }, - { - "name" : "20060613 [Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437510/100/200/threaded" - }, - { - "name" : "1905", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1905" - }, - { - "name" : "20024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20024" - }, - { - "name" : "1585", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060914 DCP-Portal SE 6.0 multiple injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded" + }, + { + "name": "20060613 [Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded" + }, + { + "name": "20024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20024" + }, + { + "name": "1585", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1585" + }, + { + "name": "1905", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1905" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5020.json b/2006/5xxx/CVE-2006-5020.json index 5732450f6dd..0a502361ab5 100644 --- a/2006/5xxx/CVE-2006-5020.json +++ b/2006/5xxx/CVE-2006-5020.json @@ -1,377 +1,377 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2413", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2413" - }, - { - "name" : "http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1", - "refsource" : "CONFIRM", - "url" : "http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1" - }, - { - "name" : "20070106 vendor ack: SolidState RFI", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2007-January/001210.html" - }, - { - "name" : "21934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21934" - }, - { - "name" : "31097", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31097" - }, - { - "name" : "31098", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31098" - }, - { - "name" : "31099", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31099" - }, - { - "name" : "31100", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31100" - }, - { - "name" : "31104", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31104" - }, - { - "name" : "31105", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31105" - }, - { - "name" : "31106", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31106" - }, - { - "name" : "31107", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31107" - }, - { - "name" : "31108", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31108" - }, - { - "name" : "31109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31109" - }, - { - "name" : "31110", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31110" - }, - { - "name" : "31111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31111" - }, - { - "name" : "31112", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31112" - }, - { - "name" : "31113", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31113" - }, - { - "name" : "31114", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31114" - }, - { - "name" : "31115", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31115" - }, - { - "name" : "31116", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31116" - }, - { - "name" : "31117", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31117" - }, - { - "name" : "31118", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31118" - }, - { - "name" : "31119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31119" - }, - { - "name" : "31120", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31120" - }, - { - "name" : "31121", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31121" - }, - { - "name" : "31122", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31122" - }, - { - "name" : "31123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31123" - }, - { - "name" : "31124", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31124" - }, - { - "name" : "31125", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31125" - }, - { - "name" : "31126", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31126" - }, - { - "name" : "31127", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31127" - }, - { - "name" : "31128", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31128" - }, - { - "name" : "31129", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31129" - }, - { - "name" : "31130", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31130" - }, - { - "name" : "31131", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31131" - }, - { - "name" : "31132", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31132" - }, - { - "name" : "31133", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31133" - }, - { - "name" : "31134", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31134" - }, - { - "name" : "31141", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31141" - }, - { - "name" : "31142", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31142" - }, - { - "name" : "31143", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31143" - }, - { - "name" : "31144", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31144" - }, - { - "name" : "31145", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31145" - }, - { - "name" : "31146", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31146" - }, - { - "name" : "31147", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31147" - }, - { - "name" : "31190", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31190" - }, - { - "name" : "31191", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31191" - }, - { - "name" : "31192", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31192" - }, - { - "name" : "31193", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31193" - }, - { - "name" : "31194", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31194" - }, - { - "name" : "31197", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31197" - }, - { - "name" : "31198", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31198" - }, - { - "name" : "31199", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31199" - }, - { - "name" : "31200", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31200" - }, - { - "name" : "31201", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31201" - }, - { - "name" : "31202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31202" - }, - { - "name" : "31203", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31203" - }, - { - "name" : "31135", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31135" - }, - { - "name" : "31136", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31136" - }, - { - "name" : "31137", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31137" - }, - { - "name" : "31138", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31138" - }, - { - "name" : "31139", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31139" - }, - { - "name" : "solidstate-basepath-file-include(29095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solidstate-basepath-file-include(29095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29095" + }, + { + "name": "31120", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31120" + }, + { + "name": "31147", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31147" + }, + { + "name": "31141", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31141" + }, + { + "name": "31139", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31139" + }, + { + "name": "31192", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31192" + }, + { + "name": "31106", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31106" + }, + { + "name": "31135", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31135" + }, + { + "name": "31117", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31117" + }, + { + "name": "20070106 vendor ack: SolidState RFI", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2007-January/001210.html" + }, + { + "name": "31144", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31144" + }, + { + "name": "21934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21934" + }, + { + "name": "31100", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31100" + }, + { + "name": "31112", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31112" + }, + { + "name": "31109", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31109" + }, + { + "name": "31193", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31193" + }, + { + "name": "31115", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31115" + }, + { + "name": "31131", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31131" + }, + { + "name": "31203", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31203" + }, + { + "name": "31194", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31194" + }, + { + "name": "31146", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31146" + }, + { + "name": "31191", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31191" + }, + { + "name": "31105", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31105" + }, + { + "name": "31119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31119" + }, + { + "name": "31197", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31197" + }, + { + "name": "31136", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31136" + }, + { + "name": "31116", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31116" + }, + { + "name": "31099", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31099" + }, + { + "name": "31114", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31114" + }, + { + "name": "31134", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31134" + }, + { + "name": "31190", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31190" + }, + { + "name": "31145", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31145" + }, + { + "name": "31122", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31122" + }, + { + "name": "31111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31111" + }, + { + "name": "31104", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31104" + }, + { + "name": "31113", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31113" + }, + { + "name": "http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1", + "refsource": "CONFIRM", + "url": "http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1" + }, + { + "name": "31199", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31199" + }, + { + "name": "31128", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31128" + }, + { + "name": "2413", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2413" + }, + { + "name": "31125", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31125" + }, + { + "name": "31107", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31107" + }, + { + "name": "31098", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31098" + }, + { + "name": "31137", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31137" + }, + { + "name": "31200", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31200" + }, + { + "name": "31143", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31143" + }, + { + "name": "31198", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31198" + }, + { + "name": "31123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31123" + }, + { + "name": "31126", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31126" + }, + { + "name": "31124", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31124" + }, + { + "name": "31201", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31201" + }, + { + "name": "31097", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31097" + }, + { + "name": "31110", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31110" + }, + { + "name": "31121", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31121" + }, + { + "name": "31133", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31133" + }, + { + "name": "31138", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31138" + }, + { + "name": "31130", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31130" + }, + { + "name": "31127", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31127" + }, + { + "name": "31202", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31202" + }, + { + "name": "31108", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31108" + }, + { + "name": "31129", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31129" + }, + { + "name": "31132", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31132" + }, + { + "name": "31118", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31118" + }, + { + "name": "31142", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31142" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5996.json b/2006/5xxx/CVE-2006-5996.json index 0e12b05912d..f23c3aa5b0d 100644 --- a/2006/5xxx/CVE-2006-5996.json +++ b/2006/5xxx/CVE-2006-5996.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5996", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5996", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0817.json b/2010/0xxx/CVE-2010-0817.json index 676d7cf68be..d87c64509ed 100644 --- a/2010/0xxx/CVE-2010-0817.json +++ b/2010/0xxx/CVE-2010-0817.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100428 XSS in Microsoft SharePoint Server 2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511021/100/0/threaded" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html" - }, - { - "name" : "MS10-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "oval:org.mitre.oval:def:7468", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039" + }, + { + "name": "20100428 XSS in Microsoft SharePoint Server 2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511021/100/0/threaded" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + }, + { + "name": "oval:org.mitre.oval:def:7468", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2166.json b/2010/2xxx/CVE-2010-2166.json index 0ae0e6ca63f..c70ec875d42 100644 --- a/2010/2xxx/CVE-2010-2166.json +++ b/2010/2xxx/CVE-2010-2166.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "RHSA-2010:0464", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html" - }, - { - "name" : "RHSA-2010:0470", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html" - }, - { - "name" : "SUSE-SA:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "TLSA-2010-19", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" - }, - { - "name" : "TA10-162A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" - }, - { - "name" : "40759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40759" - }, - { - "name" : "40783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40783" - }, - { - "name" : "oval:org.mitre.oval:def:7431", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7431" - }, - { - "name" : "oval:org.mitre.oval:def:15541", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15541" - }, - { - "name" : "1024085", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024085" - }, - { - "name" : "1024086", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024086" - }, - { - "name" : "40144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40144" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-1453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1453" - }, - { - "name" : "ADV-2010-1421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1421" - }, - { - "name" : "ADV-2010-1432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1432" - }, - { - "name" : "ADV-2010-1434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1434" - }, - { - "name" : "ADV-2010-1482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1482" - }, - { - "name" : "ADV-2010-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1522" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "ADV-2010-1421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1421" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "RHSA-2010:0464", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "ADV-2010-1432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1432" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "TA10-162A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "40759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40759" + }, + { + "name": "1024085", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024085" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "1024086", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024086" + }, + { + "name": "ADV-2010-1434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1434" + }, + { + "name": "TLSA-2010-19", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SUSE-SA:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" + }, + { + "name": "oval:org.mitre.oval:def:15541", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15541" + }, + { + "name": "40144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40144" + }, + { + "name": "oval:org.mitre.oval:def:7431", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7431" + }, + { + "name": "RHSA-2010:0470", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html" + }, + { + "name": "40783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40783" + }, + { + "name": "ADV-2010-1482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1482" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "ADV-2010-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1522" + }, + { + "name": "ADV-2010-1453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1453" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2251.json b/2010/2xxx/CVE-2010-2251.json index 90cc07d2ee6..a616567704b 100644 --- a/2010/2xxx/CVE-2010-2251.json +++ b/2010/2xxx/CVE-2010-2251.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101027 rPSA-2010-0073-1 lftp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514499/100/0/threaded" - }, - { - "name" : "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127411372529485&w=2" - }, - { - "name" : "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127432968701342&w=2" - }, - { - "name" : "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127611288927500&w=2" - }, - { - "name" : "[oss-security] 20100610 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127620248914170&w=2" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2010-001.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2010-001.html" - }, - { - "name" : "http://lftp.yar.ru/news.html", - "refsource" : "CONFIRM", - "url" : "http://lftp.yar.ru/news.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=591580", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=591580" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=602836", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=602836" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0073", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0073" - }, - { - "name" : "DSA-2085", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2085" - }, - { - "name" : "FEDORA-2010-9819", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "40400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40400" - }, - { - "name" : "ADV-2010-1654", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0073", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0073" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=602836", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602836" + }, + { + "name": "ADV-2010-1654", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1654" + }, + { + "name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2" + }, + { + "name": "FEDORA-2010-9819", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2010-001.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2010-001.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=591580", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "40400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40400" + }, + { + "name": "DSA-2085", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2085" + }, + { + "name": "20101027 rPSA-2010-0073-1 lftp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514499/100/0/threaded" + }, + { + "name": "http://lftp.yar.ru/news.html", + "refsource": "CONFIRM", + "url": "http://lftp.yar.ru/news.html" + }, + { + "name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2" + }, + { + "name": "[oss-security] 20100610 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127620248914170&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2290.json b/2010/2xxx/CVE-2010-2290.json index 43b7ac4f5ed..88b8aad2764 100644 --- a/2010/2xxx/CVE-2010-2290.json +++ b/2010/2xxx/CVE-2010-2290.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100609 McAfee UTM Firewall Help Reflected Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511771/100/0/threaded" - }, - { - "name" : "http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/", - "refsource" : "MISC", - "url" : "http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10010", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10010" - }, - { - "name" : "1024091", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024091" - }, - { - "name" : "40089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40089" - }, - { - "name" : "40138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40138" - }, - { - "name" : "ADV-2010-1413", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/", + "refsource": "MISC", + "url": "http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10010", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10010" + }, + { + "name": "ADV-2010-1413", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1413" + }, + { + "name": "40089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40089" + }, + { + "name": "40138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40138" + }, + { + "name": "1024091", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024091" + }, + { + "name": "20100609 McAfee UTM Firewall Help Reflected Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511771/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3494.json b/2010/3xxx/CVE-2010-3494.json index 6723ec5f94e..01977131897 100644 --- a/2010/3xxx/CVE-2010-3494.json +++ b/2010/3xxx/CVE-2010-3494.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/09/6" - }, - { - "name" : "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/11/2" - }, - { - "name" : "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/22/3" - }, - { - "name" : "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/24/3" - }, - { - "name" : "http://bugs.python.org/issue6706", - "refsource" : "MISC", - "url" : "http://bugs.python.org/issue6706" - }, - { - "name" : "https://bugs.launchpad.net/zodb/+bug/135108", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/zodb/+bug/135108" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/issues/detail?id=104", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/issues/detail?id=104" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/issues/detail?id=105", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/issues/detail?id=105" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/source/detail?r=556", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/source/detail?r=556" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556&r=556&format=side&path=/trunk/pyftpdlib/ftpserver.py", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556&r=556&format=side&path=/trunk/pyftpdlib/ftpserver.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/11/2" + }, + { + "name": "http://code.google.com/p/pyftpdlib/source/detail?r=556", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/detail?r=556" + }, + { + "name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY" + }, + { + "name": "https://bugs.launchpad.net/zodb/+bug/135108", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/zodb/+bug/135108" + }, + { + "name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556&r=556&format=side&path=/trunk/pyftpdlib/ftpserver.py", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556&r=556&format=side&path=/trunk/pyftpdlib/ftpserver.py" + }, + { + "name": "http://code.google.com/p/pyftpdlib/issues/detail?id=105", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105" + }, + { + "name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/24/3" + }, + { + "name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/22/3" + }, + { + "name": "http://code.google.com/p/pyftpdlib/issues/detail?id=104", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104" + }, + { + "name": "http://bugs.python.org/issue6706", + "refsource": "MISC", + "url": "http://bugs.python.org/issue6706" + }, + { + "name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/09/6" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3531.json b/2010/3xxx/CVE-2010-3531.json index 57827c3737e..b697e0c3a0b 100644 --- a/2010/3xxx/CVE-2010-3531.json +++ b/2010/3xxx/CVE-2010-3531.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4227.json b/2010/4xxx/CVE-2010-4227.json index e7edb46ad14..4a6a98ca16b 100644 --- a/2010/4xxx/CVE-2010-4227.json +++ b/2010/4xxx/CVE-2010-4227.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 ZDI-11-090: Novell Netware RPC XNFS xdrDecodeString Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516645/100/0/threaded" - }, - { - "name" : "16234", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16234" - }, - { - "name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=24&Itemid=24", - "refsource" : "MISC", - "url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=24&Itemid=24" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-090", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-090" - }, - { - "name" : "http://download.novell.com/Download?buildid=1z3z-OsVCiE~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=1z3z-OsVCiE~" - }, - { - "name" : "46535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46535" - }, - { - "name" : "1025119", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025119" - }, - { - "name" : "43431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43431" - }, - { - "name" : "8104", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8104" - }, - { - "name" : "ADV-2011-0497", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0497" - }, - { - "name" : "netware-xdrdecodestring-code-exec(65625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netware-xdrdecodestring-code-exec(65625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65625" + }, + { + "name": "46535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46535" + }, + { + "name": "ADV-2011-0497", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0497" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-090", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-090" + }, + { + "name": "http://download.novell.com/Download?buildid=1z3z-OsVCiE~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=1z3z-OsVCiE~" + }, + { + "name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=24&Itemid=24", + "refsource": "MISC", + "url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=24&Itemid=24" + }, + { + "name": "8104", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8104" + }, + { + "name": "43431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43431" + }, + { + "name": "16234", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16234" + }, + { + "name": "1025119", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025119" + }, + { + "name": "20110223 ZDI-11-090: Novell Netware RPC XNFS xdrDecodeString Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516645/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4501.json b/2010/4xxx/CVE-2010-4501.json index 680ea29983f..8bc5ce996d8 100644 --- a/2010/4xxx/CVE-2010-4501.json +++ b/2010/4xxx/CVE-2010-4501.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4501", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4334. Reason: This candidate is a duplicate of CVE-2010-4334. Notes: All CVE users should reference CVE-2010-4334 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4501", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4334. Reason: This candidate is a duplicate of CVE-2010-4334. Notes: All CVE users should reference CVE-2010-4334 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4920.json b/2010/4xxx/CVE-2010-4920.json index 4e751deee12..913d8b0fcc8 100644 --- a/2010/4xxx/CVE-2010-4920.json +++ b/2010/4xxx/CVE-2010-4920.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14919", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14919" - }, - { - "name" : "41320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41320" - }, - { - "name" : "rental-property-detail-sql-injection(61619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41320" + }, + { + "name": "14919", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14919" + }, + { + "name": "rental-property-detail-sql-injection(61619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61619" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1984.json b/2011/1xxx/CVE-2011-1984.json index a62d8775e0b..a0c01117668 100644 --- a/2011/1xxx/CVE-2011-1984.json +++ b/2011/1xxx/CVE-2011-1984.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka \"WINS Local Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-070", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-070" - }, - { - "name" : "TA11-256A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12634", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12634" - }, - { - "name" : "8378", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka \"WINS Local Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8378", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8378" + }, + { + "name": "oval:org.mitre.oval:def:12634", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12634" + }, + { + "name": "MS11-070", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-070" + }, + { + "name": "TA11-256A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5198.json b/2011/5xxx/CVE-2011-5198.json index 81033fd3176..360954ad08c 100644 --- a/2011/5xxx/CVE-2011-5198.json +++ b/2011/5xxx/CVE-2011-5198.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/108231/neturf-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/108231/neturf-xss.txt" - }, - { - "name" : "78068", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78068" - }, - { - "name" : "47354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47354" - }, - { - "name" : "neturfecommerce-search-xss(72037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "neturfecommerce-search-xss(72037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72037" + }, + { + "name": "47354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47354" + }, + { + "name": "78068", + "refsource": "OSVDB", + "url": "http://osvdb.org/78068" + }, + { + "name": "http://packetstormsecurity.org/files/view/108231/neturf-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/108231/neturf-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10069.json b/2014/10xxx/CVE-2014-10069.json index d5125c767b1..6de5b65d515 100644 --- a/2014/10xxx/CVE-2014-10069.json +++ b/2014/10xxx/CVE-2014-10069.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html", - "refsource" : "MISC", - "url" : "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html" - }, - { - "name" : "https://github.com/Manouchehri/hitron-cfg-decrypter", - "refsource" : "MISC", - "url" : "https://github.com/Manouchehri/hitron-cfg-decrypter" - }, - { - "name" : "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17", - "refsource" : "MISC", - "url" : "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17", + "refsource": "MISC", + "url": "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17" + }, + { + "name": "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html", + "refsource": "MISC", + "url": "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html" + }, + { + "name": "https://github.com/Manouchehri/hitron-cfg-decrypter", + "refsource": "MISC", + "url": "https://github.com/Manouchehri/hitron-cfg-decrypter" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3267.json b/2014/3xxx/CVE-2014-3267.json index dec8c0ff97c..952a132c880 100644 --- a/2014/3xxx/CVE-2014-3267.json +++ b/2014/3xxx/CVE-2014-3267.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325" - }, - { - "name" : "20140521 Cisco Security Manager Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267" - }, - { - "name" : "1030271", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140521 Cisco Security Manager Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325" + }, + { + "name": "1030271", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030271" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3579.json b/2014/3xxx/CVE-2014-3579.json index 6e0422086db..42cc10fa4c5 100644 --- a/2014/3xxx/CVE-2014-3579.json +++ b/2014/3xxx/CVE-2014-3579.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3579 - ActiveMQ Apollo vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/428" - }, - { - "name" : "http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt", - "refsource" : "CONFIRM", - "url" : "http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt" - }, - { - "name" : "https://issues.apache.org/jira/browse/APLO-366", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/APLO-366" - }, - { - "name" : "72508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72508" - }, - { - "name" : "apache-activemq-cve20143579-info-disc(100721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72508" + }, + { + "name": "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3579 - ActiveMQ Apollo vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/428" + }, + { + "name": "apache-activemq-cve20143579-info-disc(100721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100721" + }, + { + "name": "https://issues.apache.org/jira/browse/APLO-366", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/APLO-366" + }, + { + "name": "http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt", + "refsource": "CONFIRM", + "url": "http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3587.json b/2014/3xxx/CVE-2014-3587.json index 062ad1b9771..239bd81f139 100644 --- a/2014/3xxx/CVE-2014-3587.json +++ b/2014/3xxx/CVE-2014-3587.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=67716", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=67716" - }, - { - "name" : "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233", - "refsource" : "CONFIRM", - "url" : "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233" - }, - { - "name" : "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3587", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3587" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "DSA-3008", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3008" - }, - { - "name" : "DSA-3021", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3021" - }, - { - "name" : "RHSA-2014:1326", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1326.html" - }, - { - "name" : "RHSA-2014:1327", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1327.html" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "RHSA-2014:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" - }, - { - "name" : "RHSA-2016:0760", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0760.html" - }, - { - "name" : "USN-2344-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2344-1" - }, - { - "name" : "USN-2369-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2369-1" - }, - { - "name" : "69325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69325" - }, - { - "name" : "60609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60609" - }, - { - "name" : "60696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "USN-2369-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2369-1" + }, + { + "name": "RHSA-2014:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" + }, + { + "name": "DSA-3021", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3021" + }, + { + "name": "60609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60609" + }, + { + "name": "USN-2344-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2344-1" + }, + { + "name": "RHSA-2016:0760", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2014-3587", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "RHSA-2014:1326", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "DSA-3008", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3008" + }, + { + "name": "RHSA-2014:1327", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "69325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69325" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947" + }, + { + "name": "https://bugs.php.net/bug.php?id=67716", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=67716" + }, + { + "name": "60696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60696" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3681.json b/2014/3xxx/CVE-2014-3681.json index 2b850d75a70..d30c8b9f0db 100644 --- a/2014/3xxx/CVE-2014-3681.json +++ b/2014/3xxx/CVE-2014-3681.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1147766", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1147766" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - }, - { - "name" : "jenkins-cve20143681-xss(96975)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jenkins-cve20143681-xss(96975)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147766", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147766" + }, + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3873.json b/2014/3xxx/CVE-2014-3873.json index fc054f197d3..751d577ae6a 100644 --- a/2014/3xxx/CVE-2014-3873.json +++ b/2014/3xxx/CVE-2014-3873.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-14:12", - "refsource" : "FREEBSD", - "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.asc" - }, - { - "name" : "67812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67812" - }, - { - "name" : "1030325", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030325" - }, - { - "name" : "58627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67812" + }, + { + "name": "FreeBSD-SA-14:12", + "refsource": "FREEBSD", + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.asc" + }, + { + "name": "1030325", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030325" + }, + { + "name": "58627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58627" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4105.json b/2014/4xxx/CVE-2014-4105.json index 5d3e1087d12..0816b240aba 100644 --- a/2014/4xxx/CVE-2014-4105.json +++ b/2014/4xxx/CVE-2014-4105.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69613" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "69613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69613" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7585.json b/2014/7xxx/CVE-2014-7585.json index 70819d75b95..4ce776591a4 100644 --- a/2014/7xxx/CVE-2014-7585.json +++ b/2014/7xxx/CVE-2014-7585.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Biplane Forum (aka com.gcspublishing.biplaneforum) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#777681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/777681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Biplane Forum (aka com.gcspublishing.biplaneforum) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#777681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/777681" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8140.json b/2014/8xxx/CVE-2014-8140.json index 9df6b31c7c3..a727a801da4 100644 --- a/2014/8xxx/CVE-2014-8140.json +++ b/2014/8xxx/CVE-2014-8140.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8140", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8140", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8202.json b/2014/8xxx/CVE-2014-8202.json index 5849e0a6799..fb994605d0e 100644 --- a/2014/8xxx/CVE-2014-8202.json +++ b/2014/8xxx/CVE-2014-8202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8202", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8202", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8258.json b/2014/8xxx/CVE-2014-8258.json index 72ac8d50a07..75833261ffa 100644 --- a/2014/8xxx/CVE-2014-8258.json +++ b/2014/8xxx/CVE-2014-8258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8749.json b/2014/8xxx/CVE-2014-8749.json index c582f312cfa..79f4df006bb 100644 --- a/2014/8xxx/CVE-2014-8749.json +++ b/2014/8xxx/CVE-2014-8749.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141106 Wordpress bulletproof-security <=.51 multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/13" - }, - { - "name" : "https://wordpress.org/plugins/bulletproof-security/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/bulletproof-security/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141106 Wordpress bulletproof-security <=.51 multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/13" + }, + { + "name": "https://wordpress.org/plugins/bulletproof-security/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/bulletproof-security/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8877.json b/2014/8xxx/CVE-2014-8877.json index 345f3052600..27fd0eb9c6b 100644 --- a/2014/8xxx/CVE-2014-8877.json +++ b/2014/8xxx/CVE-2014-8877.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141120 CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534037/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.html" - }, - { - "name" : "http://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.html", - "refsource" : "MISC", - "url" : "http://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.html" - }, - { - "name" : "https://downloadsmanager.cminds.com/release-notes/", - "refsource" : "CONFIRM", - "url" : "https://downloadsmanager.cminds.com/release-notes/" - }, - { - "name" : "71204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://downloadsmanager.cminds.com/release-notes/", + "refsource": "CONFIRM", + "url": "https://downloadsmanager.cminds.com/release-notes/" + }, + { + "name": "http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.html" + }, + { + "name": "71204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71204" + }, + { + "name": "20141120 CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534037/100/0/threaded" + }, + { + "name": "http://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.html", + "refsource": "MISC", + "url": "http://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8974.json b/2014/8xxx/CVE-2014-8974.json index 18e5fefbf06..284947a9064 100644 --- a/2014/8xxx/CVE-2014-8974.json +++ b/2014/8xxx/CVE-2014-8974.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8974", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8974", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9208.json b/2014/9xxx/CVE-2014-9208.json index 78854667918..ab1dd2d8f3e 100644 --- a/2014/9xxx/CVE-2014-9208.json +++ b/2014/9xxx/CVE-2014-9208.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-9208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38108", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38108/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01" + }, + { + "name": "38108", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38108/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2364.json b/2016/2xxx/CVE-2016-2364.json index 5cc9518a615..0ef12cf459c 100644 --- a/2016/2xxx/CVE-2016-2364.json +++ b/2016/2xxx/CVE-2016-2364.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#754056", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/754056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#754056", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/754056" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2815.json b/2016/2xxx/CVE-2016-2815.json index 4caff83ecff..ca41100ec68 100644 --- a/2016/2xxx/CVE-2016-2815.json +++ b/2016/2xxx/CVE-2016-2815.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241896", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241896" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1242798", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1242798" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243466", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243466" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1245743", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1245743" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1264300", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1264300" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1271037", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1271037" - }, - { - "name" : "openSUSE-SU-2016:1552", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1557", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" - }, - { - "name" : "openSUSE-SU-2016:1767", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:1769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:1778", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:1691", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" - }, - { - "name" : "USN-2993-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2993-1" - }, - { - "name" : "91075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91075" - }, - { - "name" : "1036057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036057" + }, + { + "name": "openSUSE-SU-2016:1557", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242798", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242798" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264300", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264300" + }, + { + "name": "openSUSE-SU-2016:1767", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241896", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241896" + }, + { + "name": "openSUSE-SU-2016:1778", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243466", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243466" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1271037", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1271037" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html" + }, + { + "name": "openSUSE-SU-2016:1769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" + }, + { + "name": "openSUSE-SU-2016:1552", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245743", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245743" + }, + { + "name": "USN-2993-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2993-1" + }, + { + "name": "SUSE-SU-2016:1691", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" + }, + { + "name": "91075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91075" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2998.json b/2016/2xxx/CVE-2016-2998.json index 9cffdf29f00..f27eddbf72d 100644 --- a/2016/2xxx/CVE-2016-2998.json +++ b/2016/2xxx/CVE-2016-2998.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988991", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988991" - }, - { - "name" : "LO89929", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929" - }, - { - "name" : "92578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988991", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988991" + }, + { + "name": "92578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92578" + }, + { + "name": "LO89929", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6303.json b/2016/6xxx/CVE-2016-6303.json index 3f4582bdbaf..2c90921079c 100644 --- a/2016/6xxx/CVE-2016-6303.json +++ b/2016/6xxx/CVE-2016-6303.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1370146", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1370146" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07" - }, - { - "name" : "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa132", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa132" - }, - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-16", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-16" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-20", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-20" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-21", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-21" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "FreeBSD-SA-16:26", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" - }, - { - "name" : "92984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92984" - }, - { - "name" : "1036885", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + }, + { + "name": "1036885", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036885" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + }, + { + "name": "https://www.tenable.com/security/tns-2016-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-16" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "92984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92984" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa132", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa132" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "FreeBSD-SA-16:26", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6481.json b/2016/6xxx/CVE-2016-6481.json index 2f5b63c2de3..2900da05fc1 100644 --- a/2016/6xxx/CVE-2016-6481.json +++ b/2016/6xxx/CVE-2016-6481.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6481", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6481", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6824.json b/2016/6xxx/CVE-2016-6824.json index ec428dca234..ea828bbb85d 100644 --- a/2016/6xxx/CVE-2016-6824.json +++ b/2016/6xxx/CVE-2016-6824.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-ac-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-ac-en" - }, - { - "name" : "92506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-ac-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-ac-en" + }, + { + "name": "92506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92506" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7345.json b/2016/7xxx/CVE-2016-7345.json index 5d230403eaf..af28654111c 100644 --- a/2016/7xxx/CVE-2016-7345.json +++ b/2016/7xxx/CVE-2016-7345.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7345", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7345", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7527.json b/2016/7xxx/CVE-2016-7527.json index 95aad60bcda..12a8eb06172 100644 --- a/2016/7xxx/CVE-2016-7527.json +++ b/2016/7xxx/CVE-2016-7527.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-7527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542115", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542115" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378759", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378759" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/122", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/122" - }, - { - "name" : "93220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/122", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/122" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542115", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542115" + }, + { + "name": "93220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93220" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378759", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378759" + } + ] + } +} \ No newline at end of file