diff --git a/2006/0xxx/CVE-2006-0790.json b/2006/0xxx/CVE-2006-0790.json index 06f4060d560..e58da7b2e2b 100644 --- a/2006/0xxx/CVE-2006-0790.json +++ b/2006/0xxx/CVE-2006-0790.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Dailydave] 20060214 MailSite (WorldMail) fun", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2006-February/002926.html" - }, - { - "name" : "16675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16675" - }, - { - "name" : "ADV-2006-0598", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0598" - }, - { - "name" : "18888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18888" - }, - { - "name" : "mailsite-ldap-dos(24686)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18888" + }, + { + "name": "[Dailydave] 20060214 MailSite (WorldMail) fun", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-February/002926.html" + }, + { + "name": "mailsite-ldap-dos(24686)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24686" + }, + { + "name": "16675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16675" + }, + { + "name": "ADV-2006-0598", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0598" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0818.json b/2006/0xxx/CVE-2006-0818.json index 32e5f2e1c30..45a975a614b 100644 --- a/2006/0xxx/CVE-2006-0818.json +++ b/2006/0xxx/CVE-2006-0818.json 
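Review bot: The `reference_data` array in CVE-2006-0790.json is reordered in the same change that rewrites the key spacing from `"name" : ` to `"name": `, so a whitespace-insensitive diff can no longer confirm that only formatting changed. The five entries all appear to survive here, but every record has to be compared by hand to rule out a dropped or altered advisory URL. The hunks for CVE-2006-0818, -0941, -0973, -1291, -1381, -1448, -1877 and -1892 show the same pattern. I would either keep the original order in a formatting-only commit or emit the entries in a stable order (for example sorted by `refsource`, then `name`), so later diffs of these records stay auditable. The new side also ends with `\ No newline at end of file` after the closing `}` in each of these files; a trailing newline would avoid spurious last-line changes on the next edit.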
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060717 Secunia Research: IceWarp Web Mail Two File InclusionVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440297/100/0/threaded" - }, - { - "name" : "20060717 Secunia Research: VisNetic Mail Server Two File InclusionVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440302/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-12/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-12/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2006-14/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-14/advisory/" - }, - { - "name" : "19002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19002" - }, - { - "name" : "19007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19007" - }, - { - "name" : "ADV-2006-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2825" - }, - { - "name" : "1016513", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016513" - }, - { - "name" : "1016514", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016514" - }, - { - "name" : "18953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18953" - }, - { - "name" : "18966", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18966" - }, - { - "name" : "visnetic-language-file-include(27780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016514", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016514" + }, + { + "name": "19002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19002" + }, + { + "name": "1016513", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016513" + }, + { + "name": "18966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18966" + }, + { + "name": "18953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18953" + }, + { + "name": "20060717 Secunia Research: VisNetic Mail Server Two File InclusionVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440302/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2006-12/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-12/advisory/" + }, + { + "name": "http://secunia.com/secunia_research/2006-14/advisory/", + "refsource": "MISC", + "url": 
"http://secunia.com/secunia_research/2006-14/advisory/" + }, + { + "name": "20060717 Secunia Research: IceWarp Web Mail Two File InclusionVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440297/100/0/threaded" + }, + { + "name": "ADV-2006-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2825" + }, + { + "name": "19007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19007" + }, + { + "name": "visnetic-language-file-include(27780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27780" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0941.json b/2006/0xxx/CVE-2006-0941.json index 0dbd24dfdfa..54490f7db4e 100644 --- a/2006/0xxx/CVE-2006-0941.json +++ b/2006/0xxx/CVE-2006-0941.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060307 [eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426985/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/87/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/87/summary.html" - }, - { - "name" : "16857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16857" - }, - { - "name" : "ADV-2006-0755", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0755" - }, - { - "name" : "23483", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23483" - }, - { - "name" : "19047", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/19047" - }, - { - "name" : "557", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/557" - }, - { - "name" : "shoutlive-post-xss(24901)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060307 [eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426985/100/0/threaded" + }, + { + "name": "16857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16857" + }, + { + "name": "shoutlive-post-xss(24901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24901" + }, + { + "name": "19047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19047" + }, + { + "name": "23483", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23483" + }, + { + "name": "557", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/557" + }, + { + "name": "ADV-2006-0755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0755" + }, + { + "name": "http://evuln.com/vulns/87/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/87/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0973.json b/2006/0xxx/CVE-2006-0973.json index 7ef9b2235f7..6c1ec8f338f 100644 
--- a/2006/0xxx/CVE-2006-0973.json +++ b/2006/0xxx/CVE-2006-0973.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060523 sql injection in phpWebSite 0.8.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435009/100/0/threaded" - }, - { - "name" : "1525", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1525" - }, - { - "name" : "20060412 phpWebSite 0.10.? 
(topics.php) Remote SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430870/100/0/threaded" - }, - { - "name" : "16825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16825" - }, - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/phpWebSite-topic-sql-inj.pl", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/phpWebSite-topic-sql-inj.pl" - }, - { - "name" : "phpwebsite-topics-sql-injection(25799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060523 sql injection in phpWebSite 0.8.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435009/100/0/threaded" + }, + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/phpWebSite-topic-sql-inj.pl", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/phpWebSite-topic-sql-inj.pl" + }, + { + "name": "16825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16825" + }, + { + "name": "phpwebsite-topics-sql-injection(25799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25799" + }, + { + "name": "20060412 phpWebSite 0.10.? 
(topics.php) Remote SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430870/100/0/threaded" + }, + { + "name": "1525", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1525" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1291.json b/2006/1xxx/CVE-2006-1291.json index 193f7e22a7a..80e54b8ac06 100644 --- a/2006/1xxx/CVE-2006-1291.json +++ b/2006/1xxx/CVE-2006-1291.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/php-iCalendar-221.upload.php", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/php-iCalendar-221.upload.php" - }, - { - "name" : "1586", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1586" - }, - { - "name" : "17129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17129" - }, - { - "name" : "ADV-2006-1019", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1019" - }, - { - "name" : "19285", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/19285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19285" + }, + { + "name": "1586", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1586" + }, + { + "name": "ADV-2006-1019", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1019" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/php-iCalendar-221.upload.php", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/php-iCalendar-221.upload.php" + }, + { + "name": "17129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17129" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1381.json b/2006/1xxx/CVE-2006-1381.json index 62aca8c6812..92145499728 100644 --- a/2006/1xxx/CVE-2006-1381.json +++ b/2006/1xxx/CVE-2006-1381.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", - "refsource" : "MISC", - "url" : "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english" - }, - { - "name" : "ADV-2006-1041", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1041" - }, - { - "name" : "11576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11576" - }, - { - "name" : "imss-isntsmtp-directory-permissions(25415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imss-isntsmtp-directory-permissions(25415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415" + }, + { + "name": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", + "refsource": "MISC", + "url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english" + }, + { + "name": "ADV-2006-1041", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1041" + }, + { + "name": "11576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11576" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1448.json b/2006/1xxx/CVE-2006-1448.json index 5dad88b4668..1a5f5e19cde 100644 --- a/2006/1xxx/CVE-2006-1448.json +++ b/2006/1xxx/CVE-2006-1448.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "25592", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25592" - }, - { - "name" : "1016082", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016082" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - }, - { - "name" : "macos-finder-url-type-spoofing(26410)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "1016082", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016082" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "macos-finder-url-type-spoofing(26410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26410" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "25592", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25592" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1877.json b/2006/1xxx/CVE-2006-1877.json index 78e726ecdb2..e9812677739 100644 
--- a/2006/1xxx/CVE-2006-1877.json +++ b/2006/1xxx/CVE-2006-1877.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" - }, - { - "name" : "HPSBMA02113", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "SSRT061148", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "17590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17590" - }, - { - "name" : "ADV-2006-1397", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1397" - }, - { - "name" : "ADV-2006-1571", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1571" - }, - { - "name" : "24861", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24861" - }, - { - "name" : "1015961", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015961" - }, - { - "name" : "19712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19712" - }, - { - "name" : "19859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19859" - }, - { - "name" : "oracle-database-multiple-unspecified(26068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19712" + }, + { + "name": "19859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19859" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" + }, + { + "name": "ADV-2006-1571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1571" + }, + { + "name": "17590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17590" + }, + { + "name": "SSRT061148", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "oracle-database-multiple-unspecified(26068)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26068" + }, + { + "name": "ADV-2006-1397", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1397" + }, + { + "name": "HPSBMA02113", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "24861", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24861" + }, + { + "name": "1015961", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015961" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1892.json b/2006/1xxx/CVE-2006-1892.json index 2647d051305..6adb200f09d 100644 --- a/2006/1xxx/CVE-2006-1892.json +++ b/2006/1xxx/CVE-2006-1892.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060414 Avast Linux Home Edition (vulnerability on a temporary folder creation)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431019/100/0/threaded" - }, - { - "name" : "17535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17535" - }, - { - "name" : "ADV-2006-1387", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1387" - }, - { - "name" : "19683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19683" - }, - { - "name" : "712", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/712" - }, - { - "name" : "764", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/764" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060414 Avast Linux Home Edition (vulnerability on a temporary folder creation)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431019/100/0/threaded" + }, + { + "name": "ADV-2006-1387", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1387" + }, + { + "name": "712", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/712" + }, + { + "name": "17535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17535" + }, + { + "name": "19683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19683" + }, + { + "name": "764", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/764" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3902.json b/2006/3xxx/CVE-2006-3902.json index d1e078587be..e61d078e010 100644 --- a/2006/3xxx/CVE-2006-3902.json +++ b/2006/3xxx/CVE-2006-3902.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-2913", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2913" - }, - { - "name" : "21141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. 
NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21141" + }, + { + "name": "ADV-2006-2913", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2913" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3905.json b/2006/3xxx/CVE-2006-3905.json index e2caf216844..fbac22e6c04 100644 --- a/2006/3xxx/CVE-2006-3905.json +++ b/2006/3xxx/CVE-2006-3905.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=114791192612460&w=2" - }, - { - "name" : "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441356/100/0/threaded" - }, - { - "name" : "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html" - }, - { - "name" : "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt", - "refsource" : "MISC", - "url" : "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt" - }, - { - "name" : "26559", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=26559" - }, - { - "name" : "26560", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=26560" - }, - { - "name" : "mybloggie-index-sql-injection(26486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html" + }, + { + "name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded" + }, + { + "name": "26559", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26559" + }, + { + "name": "26560", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26560" + }, + { + "name": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt", + "refsource": "MISC", + "url": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt" + }, + { + "name": "mybloggie-index-sql-injection(26486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26486" + }, + { + "name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=114791192612460&w=2" + } + ] 
+ } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4109.json b/2006/4xxx/CVE-2006-4109.json index 8ab5eca52eb..d57dc681967 100644 --- a/2006/4xxx/CVE-2006-4109.json +++ b/2006/4xxx/CVE-2006-4109.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/77756", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/77756" - }, - { - "name" : "19441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19441" - }, - { - "name" : "ADV-2006-3227", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3227" - }, - { - "name" : "21435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21435" - }, - { - "name" : "bibliography-unspecified-xss(28295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21435" + }, + { + "name": "ADV-2006-3227", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3227" + }, + { + "name": "http://drupal.org/node/77756", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/77756" + }, + { + "name": "19441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19441" + }, + { + "name": "bibliography-unspecified-xss(28295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28295" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4593.json b/2006/4xxx/CVE-2006-4593.json index ec055072d95..7a1e0c89d25 100644 --- a/2006/4xxx/CVE-2006-4593.json +++ b/2006/4xxx/CVE-2006-4593.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060904 SoftBB v0.1 < = Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445157/100/0/threaded" - }, - { - "name" : "19847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19847" - }, - { - "name" : "29886", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29886" - }, - { - "name" : "1016797", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016797" - }, - { - "name" : "1511", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting 
(XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016797", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016797" + }, + { + "name": "19847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19847" + }, + { + "name": "1511", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1511" + }, + { + "name": "29886", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29886" + }, + { + "name": "20060904 SoftBB v0.1 < = Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4755.json b/2006/4xxx/CVE-2006-4755.json index d23da2c7b0b..098396a0643 100644 --- a/2006/4xxx/CVE-2006-4755.json +++ b/2006/4xxx/CVE-2006-4755.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3562", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3562" - }, - { - "name" : "21875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. 
NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21875" + }, + { + "name": "ADV-2006-3562", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3562" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4999.json b/2006/4xxx/CVE-2006-4999.json index 47173b4dfc1..ee7b8b551e4 100644 --- a/2006/4xxx/CVE-2006-4999.json +++ b/2006/4xxx/CVE-2006-4999.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4999", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4999", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2037.json b/2010/2xxx/CVE-2010-2037.json index c4fb4ef8419..4efa30ceb14 100644 --- a/2010/2xxx/CVE-2010-2037.json +++ b/2010/2xxx/CVE-2010-2037.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/joomlaperchada-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/joomlaperchada-lfi.txt" - }, - { - "name" : "40244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! 
allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1005-exploits/joomlaperchada-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/joomlaperchada-lfi.txt" + }, + { + "name": "40244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40244" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2321.json b/2010/2xxx/CVE-2010-2321.json index 95d70151a7f..70bbc3f1ccb 100644 --- a/2010/2xxx/CVE-2010-2321.json +++ b/2010/2xxx/CVE-2010-2321.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13817", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13817" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4941.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4941.php" - }, - { - "name" : "40565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40565" - }, - { - "name" : "65140", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65140" - }, - { - "name" : "40050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40050" - }, - { - "name" : "ADV-2010-1347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1347" - }, - { - "name" : "adobe-indesign-indd-bo(59132)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/59132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-indesign-indd-bo(59132)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59132" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4941.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4941.php" + }, + { + "name": "65140", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65140" + }, + { + "name": "40050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40050" + }, + { + "name": "13817", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13817" + }, + { + "name": "40565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40565" + }, + { + "name": "ADV-2010-1347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1347" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2915.json b/2010/2xxx/CVE-2010-2915.json index 78e68597836..baa2399f21c 100644 --- a/2010/2xxx/CVE-2010-2915.json +++ b/2010/2xxx/CVE-2010-2915.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14435", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14435" - }, - { - "name" : "http://packetstormsecurity.org/0907-exploits/ajhypeprime-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/ajhypeprime-sql.txt" - }, - { - "name" : "prime-welcome-sql-injection(60589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "prime-welcome-sql-injection(60589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60589" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/ajhypeprime-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/ajhypeprime-sql.txt" + }, + { + "name": "14435", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14435" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3015.json b/2010/3xxx/CVE-2010-3015.json index b66d7d8fbff..ad8e5f0cf36 100644 --- a/2010/3xxx/CVE-2010-3015.json +++ b/2010/3xxx/CVE-2010-3015.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[oss-security] 20100816 CVE request - kernel: integer overflow in ext4_ext_get_blocks()", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128192548904503&w=2" - }, - { - "name" : "[oss-security] 20100816 Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks()", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128197862004376&w=2" - }, - { - "name" : "[oss-security] 20100817 
Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks()", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128201627016896&w=2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731eb1a03a8445cde2cb23ecfb3580c6fa7bb690", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731eb1a03a8445cde2cb23ecfb3580c6fa7bb690" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=624327", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=624327" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100113326", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100113326" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "DSA-2094", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2094" - }, - { - "name" : "MDVSA-2010:172", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172" - }, - { - "name" : "MDVSA-2010:247", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:247" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "RHSA-2010:0723", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0723.html" - }, - { - "name" : "SUSE-SA:2010:040", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" - }, - { - 
"name" : "SUSE-SA:2010:054", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "42477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42477" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "ADV-2010-3117", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3117" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "kernel-stacksize-dos(61156)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kernel-stacksize-dos(61156)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61156" + }, + { + "name": "RHSA-2010:0723", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html" + }, + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "ADV-2010-3117", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3117" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "[oss-security] 20100817 Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks()", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128201627016896&w=2" + }, + { + "name": "[oss-security] 20100816 CVE request - kernel: integer overflow in ext4_ext_get_blocks()", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128192548904503&w=2" + }, + { + "name": "[oss-security] 20100816 Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks()", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128197862004376&w=2" + }, + { + "name": "SUSE-SA:2010:040", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=624327", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624327" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "MDVSA-2010:247", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:247" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100113326", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100113326" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34" + }, + { + "name": "DSA-2094", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2094" + }, + { + "name": "42477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42477" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731eb1a03a8445cde2cb23ecfb3580c6fa7bb690", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731eb1a03a8445cde2cb23ecfb3580c6fa7bb690" + }, + { + "name": "SUSE-SA:2010:054", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html" + }, + { + "name": "MDVSA-2010:172", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3321.json b/2010/3xxx/CVE-2010-3321.json index d603ed65e74..042ecdffdbf 100644 --- a/2010/3xxx/CVE-2010-3321.json 
+++ b/2010/3xxx/CVE-2010-3321.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2010-3321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101006 ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSAR Authentication Client when storing secret key objects on an RSA SecurIDR 800 Authenticator", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514153/100/0/threaded" - }, - { - "name" : "43795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43795" + }, + { + "name": "20101006 ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSAR Authentication Client when storing secret key objects on an RSA SecurIDR 800 Authenticator", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514153/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3323.json b/2010/3xxx/CVE-2010-3323.json index 4c9d78ce25c..f0d024d67a6 100644 --- a/2010/3xxx/CVE-2010-3323.json +++ b/2010/3xxx/CVE-2010-3323.json 
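Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `security_alert@emc.com` in this hunk, while every other line differs only in spacing around `:`, indentation, or the order of the `reference_data` entries. That is a change to the record's provenance metadata and is easy to miss inside a full-file rewrite; the same pattern appears in the CVE-2010-4110 hunk (`hp-security-alert@hp.com`) and in the CVE-2011-1747 hunk (`secalert@redhat.com`), the latter of which continues past the visible lines. I would land the one-line change `"ASSIGNER": "security_alert@emc.com",` separately from the reformat, or at least name the reassigned IDs in the commit message, so that consumers who key on the assigner can audit it. The new side also ends with `\ No newline at end of file`, presumably from the serializer; it is worth confirming that downstream tooling does not depend on the trailing newline.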
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAFQ6", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAFQ6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAAFQ6", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAFQ6" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3349.json b/2010/3xxx/CVE-2010-3349.json index daa02cd275f..647d8a722a5 100644 --- a/2010/3xxx/CVE-2010-3349.json +++ b/2010/3xxx/CVE-2010-3349.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598283", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598283" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=638365", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=638365" - }, - { - "name" : "FEDORA-2010-15499", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049373.html" - }, - { - "name" : "FEDORA-2010-15510", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049377.html" - }, - { - "name" : "FEDORA-2010-15560", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049333.html" - }, - { - "name" : "44106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44106" - }, - { - "name" : "41872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41872" - }, - { - "name" : "ADV-2010-2678", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=638365", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638365" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598283", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598283" + }, + { + "name": "FEDORA-2010-15560", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049333.html" + }, + { + "name": "FEDORA-2010-15510", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049377.html" + }, + { + "name": "44106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44106" + }, + { + "name": "ADV-2010-2678", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2678" + }, + { + "name": "FEDORA-2010-15499", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049373.html" + }, + { + "name": 
"41872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41872" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3457.json b/2010/3xxx/CVE-2010-3457.json index 89e7ea55af1..4c05937bb23 100644 --- a/2010/3xxx/CVE-2010-3457.json +++ b/2010/3xxx/CVE-2010-3457.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14968", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14968" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/symphony-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/symphony-sqlxss.txt" - }, - { - "name" : "43180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43180" - }, - { - "name" : "41379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41379" - }, - { - "name" : "symphony-fieldswebsite-xss(61750)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43180" + }, + { + "name": "41379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41379" + }, + { + "name": "symphony-fieldswebsite-xss(61750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61750" + }, + { + "name": "14968", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14968" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/symphony-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/symphony-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4110.json b/2010/4xxx/CVE-2010-4110.json index 32ce96f3313..4840552e383 100644 --- a/2010/4xxx/CVE-2010-4110.json +++ b/2010/4xxx/CVE-2010-4110.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-4110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBOV02618", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129243663611240&w=2" - }, - { - "name" : "SSRT100354", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129243663611240&w=2" - }, - { - "name" : "45416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45416" - }, - { - "name" : "1024892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024892" - }, - { - "name" : "42610", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42610" - }, - { - "name" : "ADV-2010-3247", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3247" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100354", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129243663611240&w=2" + }, + { + "name": "42610", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42610" + }, + { + "name": "1024892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024892" + }, + { + "name": "45416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45416" + }, + { + "name": "HPSBOV02618", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129243663611240&w=2" + }, + { + "name": "ADV-2010-3247", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3247" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4796.json b/2010/4xxx/CVE-2010-4796.json index c6e35d12186..3f005d2989d 100644 --- a/2010/4xxx/CVE-2010-4796.json +++ b/2010/4xxx/CVE-2010-4796.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bbs.wolvez.org/viewtopic.php?id=172", - "refsource" : "MISC", - "url" : "http://bbs.wolvez.org/viewtopic.php?id=172" - }, - { - "name" : "43907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43907" - }, - { - "name" : "41756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41756" - }, - { - "name" : "phpyun-multiple-sql-injection(62391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote 
attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41756" + }, + { + "name": "phpyun-multiple-sql-injection(62391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62391" + }, + { + "name": "http://bbs.wolvez.org/viewtopic.php?id=172", + "refsource": "MISC", + "url": "http://bbs.wolvez.org/viewtopic.php?id=172" + }, + { + "name": "43907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43907" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4849.json b/2010/4xxx/CVE-2010-4849.json index 0fbc32b019a..fdb3b883a1a 100644 --- a/2010/4xxx/CVE-2010-4849.json +++ b/2010/4xxx/CVE-2010-4849.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15650", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15650" - }, - { - "name" : "45130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15650", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15650" + }, + { + "name": "45130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45130" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1380.json b/2011/1xxx/CVE-2011-1380.json index 4a1324b9ae2..1540c80d33c 100644 --- a/2011/1xxx/CVE-2011-1380.json +++ b/2011/1xxx/CVE-2011-1380.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1380", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1380", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1747.json b/2011/1xxx/CVE-2011-1747.json index ee738aea0d4..45792e2c818 100644 --- a/2011/1xxx/CVE-2011-1747.json +++ b/2011/1xxx/CVE-2011-1747.json 
@@ -1,117 +1,117 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1747",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2011-1747",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[linux-kernel] 20110414 [PATCH] char: agp: fix OOM and buffer overflow",
- "refsource" : "MLIST",
- "url" : "https://lkml.org/lkml/2011/4/14/294"
- },
- {
- "name" : "[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2011/04/21/4"
- },
- {
- "name" : "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2011/04/22/7"
- },
- {
- "name" : "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2011/04/22/8"
- },
- {
- "name" : "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2011/04/22/9"
- },
- {
- "name" : "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2011/04/22/11"
- },
- {
- "name" : "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2011/04/22/10"
- },
- {
- "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355"
- },
- {
- "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5",
- "refsource" : "CONFIRM",
- "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=698999",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=698999"
- },
- {
- "name" : "47832",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/47832"
- },
- {
- "name" : "1025441",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1025441"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2011/04/22/8"
+ },
+ {
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355"
+ },
+ {
+ "name": "1025441",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1025441"
+ },
+ {
+ "name": "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2011/04/22/11"
+ },
+ {
+ "name": "[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2011/04/21/4"
+ },
+ {
+ "name": "47832",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/47832"
+ },
+ {
+ "name": "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2011/04/22/7"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=698999",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698999"
+ },
+ {
+ "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5",
+ "refsource": "CONFIRM",
+ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5"
+ },
+ {
+ "name": "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2011/04/22/9"
+ },
+ {
+ "name": "[linux-kernel] 20110414 [PATCH] char: agp: fix OOM and buffer overflow",
+ "refsource": "MLIST",
+ "url": "https://lkml.org/lkml/2011/4/14/294"
+ },
+ {
+ "name": "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2011/04/22/10"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1755.json b/2011/1xxx/CVE-2011-1755.json
index 2d6b5c3062e..bb00019e72d 100644
--- a/2011/1xxx/CVE-2011-1755.json
+++ b/2011/1xxx/CVE-2011-1755.json
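Review bot: The only field that changes value in this hunk is `ASSIGNER` (`cve@mitre.org` to `secalert@redhat.com`), but it is buried in a whole-file re-serialisation (`" : "` to `": "`, new indentation) and a reshuffled `reference_data` array whose twelve entries are the same set in a different order. The same applies to the CVE-2011-1755, CVE-2011-1848, CVE-2014-3168 and CVE-2014-3574 hunks, and the CVE-2014-3707 hunk changes `ASSIGNER` the same way as far as it is visible here; CVE-2011-5174 reorders its references with no field change at all. Consumers that treat `ASSIGNER` as the record's provenance cannot easily audit a change presented this way, so I would keep `reference_data` in its previous order (or sort it on a stable key such as `refsource` then `name`) and land the formatting separately, leaving `+ "ASSIGNER": "secalert@redhat.com",` as the visible change. The new side also ends with `\ No newline at end of file` where the old file had a trailing newline, which looks like a serializer side effect worth restoring.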
@@ -1,137 +1,137 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1755",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2011-1755",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[jabberd2] 20110531 jabberd-2.2.14 release",
- "refsource" : "MLIST",
- "url" : "http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg01655.html"
- },
- {
- "name" : "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog",
- "refsource" : "CONFIRM",
- "url" : "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=700390",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=700390"
- },
- {
- "name" : "http://support.apple.com/kb/HT5002",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT5002"
- },
- {
- "name" : "APPLE-SA-2011-10-12-3",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
- },
- {
- "name" : "FEDORA-2011-7801",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html"
- },
- {
- "name" : "FEDORA-2011-7805",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html"
- },
- {
- "name" : "FEDORA-2011-7818",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html"
- },
- {
- "name" : "RHSA-2011:0881",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2011-0881.html"
- },
- {
- "name" : "RHSA-2011:0882",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2011-0882.html"
- },
- {
- "name" : "SUSE-SU-2011:0741",
- "refsource" : "SUSE",
- "url" : "https://hermes.opensuse.org/messages/9197650"
- },
- {
- "name" : "48250",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/48250"
- },
- {
- "name" : "44787",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/44787"
- },
- {
- "name" : "45112",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/45112"
- },
- {
- "name" : "44957",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/44957"
- },
- {
- "name" : "jabberd-xml-entity-dos(67770)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67770"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "jabberd-xml-entity-dos(67770)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67770"
+ },
+ {
+ "name": "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog",
+ "refsource": "CONFIRM",
+ "url": "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog"
+ },
+ {
+ "name": "44957",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/44957"
+ },
+ {
+ "name": "44787",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/44787"
+ },
+ {
+ "name": "APPLE-SA-2011-10-12-3",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
+ },
+ {
+ "name": "FEDORA-2011-7801",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html"
+ },
+ {
+ "name": "RHSA-2011:0881",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2011-0881.html"
+ },
+ {
+ "name": "SUSE-SU-2011:0741",
+ "refsource": "SUSE",
+ "url": "https://hermes.opensuse.org/messages/9197650"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=700390",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700390"
+ },
+ {
+ "name": "FEDORA-2011-7805",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html"
+ },
+ {
+ "name": "RHSA-2011:0882",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2011-0882.html"
+ },
+ {
+ "name": "48250",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/48250"
+ },
+ {
+ "name": "FEDORA-2011-7818",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT5002",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT5002"
+ },
+ {
+ "name": "45112",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/45112"
+ },
+ {
+ "name": "[jabberd2] 20110531 jabberd-2.2.14 release",
+ "refsource": "MLIST",
+ "url": "http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg01655.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1848.json b/2011/1xxx/CVE-2011-1848.json
index 1cfd772019b..1c8494eb469 100644
--- a/2011/1xxx/CVE-2011-1848.json
+++ b/2011/1xxx/CVE-2011-1848.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1848",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "ID": "CVE-2011-1848",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-160/",
- "refsource" : "MISC",
- "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-160/"
- },
- {
- "name" : "HPSBGN02680",
- "refsource" : "HP",
- "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
- },
- {
- "name" : "SSRT100361",
- "refsource" : "HP",
- "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
- },
- {
- "name" : "47789",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/47789"
- },
- {
- "name" : "1025519",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1025519"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "HPSBGN02680",
+ "refsource": "HP",
+ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
+ },
+ {
+ "name": "1025519",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1025519"
+ },
+ {
+ "name": "SSRT100361",
+ "refsource": "HP",
+ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
+ },
+ {
+ "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-160/",
+ "refsource": "MISC",
+ "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-160/"
+ },
+ {
+ "name": "47789",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/47789"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/5xxx/CVE-2011-5174.json b/2011/5xxx/CVE-2011-5174.json
index 20b14f5809f..897ce34495f 100644
--- a/2011/5xxx/CVE-2011-5174.json
+++ b/2011/5xxx/CVE-2011-5174.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-5174",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-5174",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://theinvisiblethings.blogspot.com/2011/12/exploring-new-lands-on-intel-cpus-sinit.html",
- "refsource" : "MISC",
- "url" : "http://theinvisiblethings.blogspot.com/2011/12/exploring-new-lands-on-intel-cpus-sinit.html"
- },
- {
- "name" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr",
- "refsource" : "CONFIRM",
- "url" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr"
- },
- {
- "name" : "77554",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/77554"
- },
- {
- "name" : "47096",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/47096"
- },
- {
- "name" : "intel-sinit-bo(71625)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71625"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "47096",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/47096"
+ },
+ {
+ "name": "77554",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/77554"
+ },
+ {
+ "name": "http://theinvisiblethings.blogspot.com/2011/12/exploring-new-lands-on-intel-cpus-sinit.html",
+ "refsource": "MISC",
+ "url": "http://theinvisiblethings.blogspot.com/2011/12/exploring-new-lands-on-intel-cpus-sinit.html"
+ },
+ {
+ "name": "intel-sinit-bo(71625)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71625"
+ },
+ {
+ "name": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr",
+ "refsource": "CONFIRM",
+ "url": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/3xxx/CVE-2014-3168.json b/2014/3xxx/CVE-2014-3168.json
index 1094bf6a4c9..2878a2fcd34 100644
--- a/2014/3xxx/CVE-2014-3168.json
+++ b/2014/3xxx/CVE-2014-3168.json
@@ -1,122 +1,122 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-3168",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@google.com",
+ "ID": "CVE-2014-3168",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html",
- "refsource" : "CONFIRM",
- "url" : "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html"
- },
- {
- "name" : "https://crbug.com/369860",
- "refsource" : "CONFIRM",
- "url" : "https://crbug.com/369860"
- },
- {
- "name" : "https://src.chromium.org/viewvc/blink?revision=174338&view=revision",
- "refsource" : "CONFIRM",
- "url" : "https://src.chromium.org/viewvc/blink?revision=174338&view=revision"
- },
- {
- "name" : "https://src.chromium.org/viewvc/blink?revision=174923&view=revision",
- "refsource" : "CONFIRM",
- "url" : "https://src.chromium.org/viewvc/blink?revision=174923&view=revision"
- },
- {
- "name" : "DSA-3039",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2014/dsa-3039"
- },
- {
- "name" : "GLSA-201408-16",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
- },
- {
- "name" : "openSUSE-SU-2014:1151",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html"
- },
- {
- "name" : "69398",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/69398"
- },
- {
- "name" : "1030767",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1030767"
- },
- {
- "name" : "60424",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/60424"
- },
- {
- "name" : "61482",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/61482"
- },
- {
- "name" : "60268",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/60268"
- },
- {
- "name" : "google-chrome-cve20143168-code-exec(95468)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95468"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://src.chromium.org/viewvc/blink?revision=174923&view=revision",
+ "refsource": "CONFIRM",
+ "url": "https://src.chromium.org/viewvc/blink?revision=174923&view=revision"
+ },
+ {
+ "name": "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html",
+ "refsource": "CONFIRM",
+ "url": "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html"
+ },
+ {
+ "name": "60424",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/60424"
+ },
+ {
+ "name": "https://src.chromium.org/viewvc/blink?revision=174338&view=revision",
+ "refsource": "CONFIRM",
+ "url": "https://src.chromium.org/viewvc/blink?revision=174338&view=revision"
+ },
+ {
+ "name": "google-chrome-cve20143168-code-exec(95468)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95468"
+ },
+ {
+ "name": "61482",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/61482"
+ },
+ {
+ "name": "GLSA-201408-16",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
+ },
+ {
+ "name": "https://crbug.com/369860",
+ "refsource": "CONFIRM",
+ "url": "https://crbug.com/369860"
+ },
+ {
+ "name": "openSUSE-SU-2014:1151",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html"
+ },
+ {
+ "name": "60268",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/60268"
+ },
+ {
+ "name": "69398",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/69398"
+ },
+ {
+ "name": "1030767",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1030767"
+ },
+ {
+ "name": "DSA-3039",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2014/dsa-3039"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/3xxx/CVE-2014-3574.json b/2014/3xxx/CVE-2014-3574.json
index 88b6cde4604..6176bc80e17 100644
--- a/2014/3xxx/CVE-2014-3574.json
+++ b/2014/3xxx/CVE-2014-3574.json
@@ -1,122 +1,122 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-3574",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2014-3574",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://poi.apache.org/changes.html",
- "refsource" : "CONFIRM",
- "url" : "http://poi.apache.org/changes.html"
- },
- {
- "name" : "http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt",
- "refsource" : "CONFIRM",
- "url" : "http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt"
- },
- {
- "name" : "https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations",
- "refsource" : "CONFIRM",
- "url" : "https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations"
- },
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21996759",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21996759"
- },
- {
- "name" : "RHSA-2014:1370",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-1370.html"
- },
- {
- "name" : "RHSA-2014:1398",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-1398.html"
- },
- {
- "name" : "RHSA-2014:1399",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-1399.html"
- },
- {
- "name" : "RHSA-2014:1400",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-1400.html"
- },
- {
- "name" : "69648",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/69648"
- },
- {
- "name" : "60419",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/60419"
- },
- {
- "name" : "59943",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/59943"
- },
- {
- "name" : "61766",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/61766"
- },
- {
- "name" : "apache-poi-cve20143574-dos(95768)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95768"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21996759",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996759"
+ },
+ {
+ "name": "69648",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/69648"
+ },
+ {
+ "name": "http://poi.apache.org/changes.html",
+ "refsource": "CONFIRM",
+ "url": "http://poi.apache.org/changes.html"
+ },
+ {
+ "name": "61766",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/61766"
+ },
+ {
+ "name": "https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations",
+ "refsource": "CONFIRM",
+ "url": "https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations"
+ },
+ {
+ "name": "RHSA-2014:1370",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-1370.html"
+ },
+ {
+ "name": "http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt",
+ "refsource": "CONFIRM",
+ "url": "http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt"
+ },
+ {
+ "name": "60419",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/60419"
+ },
+ {
+ "name": "apache-poi-cve20143574-dos(95768)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95768"
+ },
+ {
+ "name": "RHSA-2014:1400",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-1400.html"
+ },
+ {
+ "name": "RHSA-2014:1398",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-1398.html"
+ },
+ {
+ "name": "59943",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/59943"
+ },
+ {
+ "name": "RHSA-2014:1399",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-1399.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/3xxx/CVE-2014-3707.json b/2014/3xxx/CVE-2014-3707.json
index 888051baa76..df334ab6148 100644
--- a/2014/3xxx/CVE-2014-3707.json
+++ b/2014/3xxx/CVE-2014-3707.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://curl.haxx.se/docs/adv_20141105.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20141105.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "DSA-3069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3069" - }, - { - "name" : "RHSA-2015:1254", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1254.html" - }, - { - "name" : "openSUSE-SU-2015:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html" - }, - { - "name" : "USN-2399-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2399-1" - }, - { - "name" : "70988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "DSA-3069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3069" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "USN-2399-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2399-1" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "RHSA-2015:1254", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1254.html" + }, + { + "name": "70988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70988" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743" + }, + { + "name": "openSUSE-SU-2015:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html" + }, + { + "name": 
"https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "http://curl.haxx.se/docs/adv_20141105.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20141105.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3825.json b/2014/3xxx/CVE-2014-3825.json index ade04ea6cab..9a2661f3201 100644 --- a/2014/3xxx/CVE-2014-3825.json +++ b/2014/3xxx/CVE-2014-3825.json 
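Review bot: The `ASSIGNER` value in CVE-2014-3707.json changes from `cve@mitre.org` to `secalert@redhat.com` in the same hunk that rewrites every line for key/colon spacing and reorders `reference_data`, so the one semantic change is easy to miss. The same pattern appears in the hunks for CVE-2014-7879, CVE-2014-8010, CVE-2014-9198, CVE-2014-9729 and CVE-2014-9933 (the last goes from `security@google.com` to `security@android.com`). Consumers that attribute records to a CNA by `ASSIGNER`, or that hash or diff records to detect unexpected modification, will see these as content changes. It would be safer to land the assigner updates separately from the formatting pass, or at least to name them in the commit message, which is not visible here. The new side of each file also ends with `\ No newline at end of file` where the old side had a trailing newline; restoring it would keep later diffs limited to real changes.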
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10650", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10650" - }, - { - "name" : "1031007", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 
12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10650", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10650" + }, + { + "name": "1031007", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031007" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7173.json b/2014/7xxx/CVE-2014-7173.json index 86057d4acd5..b6cc5821a59 100644 --- a/2014/7xxx/CVE-2014-7173.json +++ b/2014/7xxx/CVE-2014-7173.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7173", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/7xxx/CVE-2014-7879.json b/2014/7xxx/CVE-2014-7879.json index 00e2090dc23..7221b756e04 100644 --- a/2014/7xxx/CVE-2014-7879.json +++ b/2014/7xxx/CVE-2014-7879.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-7879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX03166", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04511778" - }, - { - "name" : "SSRT101489", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04511778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101489", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04511778" + }, + { + "name": "HPSBUX03166", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04511778" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8010.json b/2014/8xxx/CVE-2014-8010.json index 779f0d07291..dca38385ff5 100644 --- a/2014/8xxx/CVE-2014-8010.json +++ b/2014/8xxx/CVE-2014-8010.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141209 Cisco Unified Communications Domain Manager Blind Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8010" - }, - { - "name" : "1031339", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031339", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031339" + }, + { + "name": "20141209 Cisco Unified Communications Domain Manager Blind Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8010" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8245.json b/2014/8xxx/CVE-2014-8245.json index 122d03e28a6..b358e80555c 100644 --- a/2014/8xxx/CVE-2014-8245.json +++ b/2014/8xxx/CVE-2014-8245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8245", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8245", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8472.json b/2014/8xxx/CVE-2014-8472.json index 77b613fb594..c9471e62caa 100644 --- a/2014/8xxx/CVE-2014-8472.json +++ b/2014/8xxx/CVE-2014-8472.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx" - }, - { - "name" : "70923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70923" - }, - { - "name" : "1031214", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031214" - }, - { - "name" : "ca-cloud-cve20148472-sec-bypass(98535)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70923" + }, + { + "name": "ca-cloud-cve20148472-sec-bypass(98535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98535" + }, + { + "name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx", + "refsource": "CONFIRM", + "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx" + }, + { + "name": "1031214", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031214" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9198.json b/2014/9xxx/CVE-2014-9198.json index 0d1b49b9a95..d3636d9ae87 100644 --- a/2014/9xxx/CVE-2014-9198.json +++ b/2014/9xxx/CVE-2014-9198.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-9198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9448.json b/2014/9xxx/CVE-2014-9448.json index f3997d9b4bd..b6d9b30e31b 100644 --- a/2014/9xxx/CVE-2014-9448.json +++ b/2014/9xxx/CVE-2014-9448.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35105", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35105" - }, - { - "name" : "35377", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35377" - }, - { - "name" : "81080", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/81080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35377", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35377" + }, + { + "name": "35105", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35105" + }, + { + "name": "81080", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/81080" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9729.json b/2014/9xxx/CVE-2014-9729.json index ad1d8645ac3..d57043b85bf 100644 --- a/2014/9xxx/CVE-2014-9729.json +++ b/2014/9xxx/CVE-2014-9729.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/02/7" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2" - }, - 
{ - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1228229", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1228229" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58" - }, - { - "name" : "SUSE-SU-2015:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1611", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:1224", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" - }, - { - "name" : "SUSE-SU-2015:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" - }, - { - "name" : "openSUSE-SU-2015:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" - }, - { - "name" : "74964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/02/7" + }, + { + "name": "SUSE-SU-2015:1611", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" + }, + { + "name": "SUSE-SU-2015:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228229", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228229" + }, + { + "name": "74964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74964" + }, + { + "name": "openSUSE-SU-2015:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2" + }, + { + "name": "SUSE-SU-2015:1224", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" + }, + { + "name": "SUSE-SU-2015:1592", + "refsource": 
"SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9933.json b/2014/9xxx/CVE-2014-9933.json index bf28de95c52..f3e1a8dbbaa 100644 --- a/2014/9xxx/CVE-2014-9933.json +++ b/2014/9xxx/CVE-2014-9933.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm Products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm Products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97329" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97329" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9947.json b/2014/9xxx/CVE-2014-9947.json index 5ae8ebd0f7e..eb49969ab35 100644 --- a/2014/9xxx/CVE-2014-9947.json +++ b/2014/9xxx/CVE-2014-9947.json 
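Review bot: The new side of CVE-2014-9933.json ends at the closing `}` with no trailing newline (the `\ No newline at end of file` marker follows the last added line), while the old side ended with one. Every other record whose end is visible in this commit shows the same marker, so the serializer appears to have dropped the final newline. Writing a single `\n` after the closing brace keeps the files friendly to line-oriented tools and avoids a one-line diff on each record the next time a tool adds it back.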
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Vulnerability in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Vulnerability in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98248" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2320.json b/2016/2xxx/CVE-2016-2320.json index 5336f4c10b6..2e7d3dbd983 100644 --- a/2016/2xxx/CVE-2016-2320.json +++ b/2016/2xxx/CVE-2016-2320.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2320", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2320", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2335.json b/2016/2xxx/CVE-2016-2335.json index d5f16f8ac2d..0095f01ceb5 100644 --- a/2016/2xxx/CVE-2016-2335.json +++ b/2016/2xxx/CVE-2016-2335.json 
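Review bot: In CVE-2014-9947.json the two `reference_data` entries swap places (BID now precedes CONFIRM) with no change to their content, so the array order the serializer emits is not stable. The same content-free reordering shows up in the hunks for CVE-2016-2335, CVE-2016-2824, CVE-2016-6147, CVE-2016-6398 and CVE-2016-6643. This churn sits next to a real data change, the `ASSIGNER` value moving from `security@google.com` to `security@android.com`, which makes that change easy to miss in review. Emitting references in a deterministic order (for example sorted by `refsource`, then `name`) would limit future diffs to the fields that actually changed.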
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintel.com/reports/TALOS-2016-0094/", - "refsource" : "MISC", - "url" : "http://www.talosintel.com/reports/TALOS-2016-0094/" - }, - { - "name" : "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html" - }, - { - "name" : "DSA-3599", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2016/dsa-3599" - }, - { - "name" : "FEDORA-2016-430bc0f808", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/" - }, - { - "name" : "FEDORA-2016-bbcb0e4eb4", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/" - }, - { - "name" : "GLSA-201701-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-27" - }, - { - "name" : "openSUSE-SU-2016:1464", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:1850", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00069.html" - }, - { - "name" : "openSUSE-SU-2016:1675", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00098.html" - }, - { - "name" : "90531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90531" - }, - { - "name" : "1035876", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1850", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00069.html" + }, + { + "name": "FEDORA-2016-bbcb0e4eb4", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/" + }, + { + "name": "openSUSE-SU-2016:1464", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00004.html" + }, + { + "name": "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html", + "refsource": "MISC", + "url": "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html" + }, + { + "name": "90531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90531" + }, + { + "name": "GLSA-201701-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-27" + }, + { + "name": "1035876", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035876" + }, + { + "name": "openSUSE-SU-2016:1675", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00098.html" + }, + { + "name": "http://www.talosintel.com/reports/TALOS-2016-0094/", + "refsource": "MISC", + "url": "http://www.talosintel.com/reports/TALOS-2016-0094/" + }, + { + "name": "DSA-3599", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3599" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html" + }, + { + "name": "FEDORA-2016-430bc0f808", + "refsource": "FEDORA", + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2507.json b/2016/2xxx/CVE-2016-2507.json index 4eb48fdfa60..ad9e427c9e3 100644 --- a/2016/2xxx/CVE-2016-2507.json +++ b/2016/2xxx/CVE-2016-2507.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/60547808ca4e9cfac50028c00c58a6ceb2319301", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/60547808ca4e9cfac50028c00c58a6ceb2319301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/60547808ca4e9cfac50028c00c58a6ceb2319301", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/60547808ca4e9cfac50028c00c58a6ceb2319301" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2640.json b/2016/2xxx/CVE-2016-2640.json index 5bbfa9dbf15..fde2c6d093b 100644 --- a/2016/2xxx/CVE-2016-2640.json +++ b/2016/2xxx/CVE-2016-2640.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2640", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2640", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2824.json b/2016/2xxx/CVE-2016-2824.json index 2e00e1f51a4..79b472041dc 100644 --- a/2016/2xxx/CVE-2016-2824.json +++ b/2016/2xxx/CVE-2016-2824.json 
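Review bot: The new side of CVE-2016-2640.json writes its keys in a different order from every other record in this commit. It starts with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, whereas the other records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two layouts in one repository suggest this record came from a different writer than the rest. Running it through the same serializer, so that it opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`, would keep the REJECT records byte-comparable with the others.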
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-53.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-53.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1248580", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1248580" - }, - { - "name" : "openSUSE-SU-2016:1552", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1557", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:1691", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" - }, - { - "name" : "91075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91075" - }, - { - "name" : "1036057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036057" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248580", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248580" + }, + { + "name": "openSUSE-SU-2016:1557", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-53.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-53.html" + }, + { + "name": "openSUSE-SU-2016:1552", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" + }, + { + "name": "SUSE-SU-2016:1691", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" + }, + { + "name": "91075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91075" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6147.json b/2016/6xxx/CVE-2016-6147.json index 9bd646419f4..f51161374f7 100644 --- a/2016/6xxx/CVE-2016-6147.json +++ b/2016/6xxx/CVE-2016-6147.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160819 Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/94" - }, - { - "name" : "https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016" - }, - { - "name" : "https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0" - }, - { - "name" : "http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html", 
- "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html" - }, - { - "name" : "92066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92066" + }, + { + "name": "https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016", + "refsource": "MISC", + "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016" + }, + { + "name": "20160819 Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/94" + }, + { + "name": "http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html" + }, + { + "name": "https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0", + "refsource": "MISC", + "url": "https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6398.json b/2016/6xxx/CVE-2016-6398.json index d3f257d2e52..3bc7f9569fb 100644 --- a/2016/6xxx/CVE-2016-6398.json +++ b/2016/6xxx/CVE-2016-6398.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160902 Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160902-ios" - }, - { - "name" : "92734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92734" - }, - { - "name" : "1036732", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet 
buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92734" + }, + { + "name": "1036732", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036732" + }, + { + "name": "20160902 Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160902-ios" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6643.json b/2016/6xxx/CVE-2016-6643.json index 28a0773874e..e0645b4db10 100644 --- a/2016/6xxx/CVE-2016-6643.json +++ b/2016/6xxx/CVE-2016-6643.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-6643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160913 ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Sep/17" - }, - { - "name" : "92945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92945" + }, + { + "name": "20160913 ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Sep/17" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6941.json b/2016/6xxx/CVE-2016-6941.json index 7b868d1db91..58a1e952914 100644 --- a/2016/6xxx/CVE-2016-6941.json +++ b/2016/6xxx/CVE-2016-6941.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, 
CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7018.json b/2016/7xxx/CVE-2016-7018.json index 2316b4d67f8..9f11d07911d 100644 --- a/2016/7xxx/CVE-2016-7018.json +++ b/2016/7xxx/CVE-2016-7018.json 
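Review bot: The new side of this file ends with `\ No newline at end of file`, where the old side ended in a newline; the same marker closes every other hunk visible in this diff. Line-oriented tools and many linters treat a missing final newline as a defect, and it adds a spurious changed line to every later diff of the file. The serializer that produced the reformatted JSON should append a final `\n` after the closing `}`.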
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, 
CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7402.json b/2016/7xxx/CVE-2016-7402.json index 80ba05098c5..60d7a46da19 100644 --- a/2016/7xxx/CVE-2016-7402.json +++ b/2016/7xxx/CVE-2016-7402.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-017/?fid=8409", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-017/?fid=8409" - }, - { - "name" : "92950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-017/?fid=8409", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-017/?fid=8409" + }, + { + "name": "92950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92950" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5512.json b/2017/5xxx/CVE-2017-5512.json index 86e2801d544..a5dba250021 100644 --- a/2017/5xxx/CVE-2017-5512.json +++ b/2017/5xxx/CVE-2017-5512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5712.json b/2017/5xxx/CVE-2017-5712.json index b70a05cdc18..27db154e09b 100644 --- a/2017/5xxx/CVE-2017-5712.json +++ b/2017/5xxx/CVE-2017-5712.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-11-20T00:00:00", - "ID" : "CVE-2017-5712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Active Management Technology", - "version" : { - "version_data" : [ - { - "version_value" : "8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-11-20T00:00:00", + "ID": "CVE-2017-5712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Active Management Technology", + "version": { + "version_data": [ + { + "version_value": "8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171120-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171120-0001/" - }, - { - "name" : 
"https://www.asus.com/News/wzeltG5CjYaIwGJ0", - "refsource" : "CONFIRM", - "url" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf" - }, - { - "name" : "101920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101920" - }, - { - "name" : "1039852", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171120-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171120-0001/" + }, + { + "name": "1039852", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039852" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr" + }, + { + "name": "101920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101920" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf" + }, + { + "name": 
"https://www.asus.com/News/wzeltG5CjYaIwGJ0", + "refsource": "CONFIRM", + "url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0" + } + ] + } +} \ No newline at end of file
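Review bot: The `reference_data` entries are reordered on the new side with no sort key evident (here NetApp, SECTRACK, Intel, BID, Siemens, ASUS), while the content of each entry is unchanged. If the order comes from an unordered collection in the generator (an assumption; the generator is not shown), every regeneration can reshuffle the array and bury real changes, such as a modified `ASSIGNER`, in noise. Either keep the original order or emit a deterministic one, for example sorted by `refsource` and then `name`. The hunks for CVE-2016-6643, CVE-2016-6941 and CVE-2016-7018 show the same reshuffling.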