diff --git a/2006/3xxx/CVE-2006-3023.json b/2006/3xxx/CVE-2006-3023.json index 6ec7c0823c9..042e2941edb 100644 --- a/2006/3xxx/CVE-2006-3023.json +++ b/2006/3xxx/CVE-2006-3023.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/uphotogallery-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/uphotogallery-xss-vuln.html" - }, - { - "name" : "ADV-2006-2307", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2307" - }, - { - "name" : "20606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20606" - }, - { - "name" : "uphotogallery-thumbnails-xss(27034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20606" + }, + { + "name": "uphotogallery-thumbnails-xss(27034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27034" + }, + { + "name": "ADV-2006-2307", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2307" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/uphotogallery-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/uphotogallery-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3099.json b/2006/3xxx/CVE-2006-3099.json index 93c82847788..9b8f0f63282 100644 --- a/2006/3xxx/CVE-2006-3099.json +++ b/2006/3xxx/CVE-2006-3099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3099", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3099", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3636.json b/2006/3xxx/CVE-2006-3636.json index 8e94fcb214e..f2a129e4bd5 100644 --- a/2006/3xxx/CVE-2006-3636.json +++ b/2006/3xxx/CVE-2006-3636.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060913 Mailman 2.1.8 Multiple Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445992/100/0/threaded" - }, - { - "name" : "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", - "refsource" : "MLIST", - "url" : "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" - }, - { - "name" : "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt", - "refsource" : "MISC", - "url" : "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295" - }, - { - "name" : "DSA-1188", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1188" - }, - { - "name" : "GLSA-200609-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-12.xml" - }, - { - "name" : "MDKSA-2006:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" - }, - { - "name" : "RHSA-2006:0600", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0600.html" - }, - { - "name" : "SUSE-SR:2006:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_25_sr.html" - }, - { - "name" : "USN-345-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-345-1" - }, - { - "name" : "19831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19831" - }, - { - "name" : "20021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20021" - }, - { - "name" : "oval:org.mitre.oval:def:10553", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553" - }, - { - "name" : "ADV-2006-3446", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3446" - }, - { - "name" : "1016808", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016808" - }, - { - "name" : "21732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21732" - }, - { - "name" : "21792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21792" - }, - { - "name" : "21879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21879" - }, - { - "name" : "22011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22011" - }, - { - "name" : "22020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22020" - }, - { - "name" : "22227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22227" - }, - { - "name" : "22639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22639" - }, - { - "name" : "mailman-unspecified-xss(28731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3446", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3446" + }, + { + "name": "DSA-1188", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1188" + }, + { + "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", + "refsource": "MLIST", + "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" + }, + { + "name": "19831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19831" + }, + { + "name": "22639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22639" + }, + { + "name": "1016808", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016808" + }, + { + "name": "21879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21879" + }, + { + "name": "20021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20021" + }, + { + "name": "oval:org.mitre.oval:def:10553", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553" + }, + { + "name": "USN-345-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-345-1" + }, + { + "name": "GLSA-200609-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" + }, + { + "name": "20060913 Mailman 2.1.8 Multiple Security Issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" + }, + { + "name": "22227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22227" + }, + { + "name": "SUSE-SR:2006:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" + }, + { + "name": "MDKSA-2006:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" + }, + { + "name": "21792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21792" + }, + { + "name": "RHSA-2006:0600", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295" + }, + { + "name": "21732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21732" + }, + { + "name": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt", + "refsource": "MISC", + "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" + }, + { + "name": "22011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22011" + }, + { + "name": "22020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22020" + }, + { + "name": "mailman-unspecified-xss(28731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3858.json b/2006/3xxx/CVE-2006-3858.json index 8edf9108c24..3da2ba09382 100644 --- a/2006/3xxx/CVE-2006-3858.json +++ b/2006/3xxx/CVE-2006-3858.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 Informix - Discovery, Attack and Defense", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded" - }, - { - "name" : "20060814 Multiple Password Exposures Flaws", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443195/100/0/threaded" - }, - { - "name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", - "refsource" : "MISC", - "url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" - }, - { - "name" : "19264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19264" - }, - { - "name" : "ADV-2006-3077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3077" - }, - { - "name" : "27691", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27691" - }, - { - "name" : "21301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21301" - }, - { - "name" : "informix-plaintext-password(28132)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" + }, + { + "name": "20060814 Informix - Discovery, Attack and Defense", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded" + }, + { + "name": "20060814 Multiple Password Exposures Flaws", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443195/100/0/threaded" + }, + { + "name": "informix-plaintext-password(28132)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132" + }, + { + "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", + "refsource": "MISC", + "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" + }, + { + "name": "21301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21301" + }, + { + "name": "19264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19264" + }, + { + "name": "27691", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27691" + }, + { + "name": "ADV-2006-3077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3077" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3880.json b/2006/3xxx/CVE-2006-3880.json index 8d326d82a65..06f812fe96a 100644 --- a/2006/3xxx/CVE-2006-3880.json +++ b/2006/3xxx/CVE-2006-3880.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated \"Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060724 Windows XP/NT/SMB2003/2000 Denial of Service attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441007/100/0/threaded" - }, - { - "name" : "19135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19135" - }, - { - "name" : "1282", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated \"Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19135" + }, + { + "name": "20060724 Windows XP/NT/SMB2003/2000 Denial of Service attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441007/100/0/threaded" + }, + { + "name": "1282", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1282" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3882.json b/2006/3xxx/CVE-2006-3882.json index 508994db4b4..fa50b2b2e26 100644 --- a/2006/3xxx/CVE-2006-3882.json +++ b/2006/3xxx/CVE-2006-3882.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060724 MusicBox <= 2.3.4 XSS SQL injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441000/100/0/threaded" - }, - { - "name" : "1284", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1284", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1284" + }, + { + "name": "20060724 MusicBox <= 2.3.4 XSS SQL injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441000/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4096.json b/2006/4xxx/CVE-2006-4096.json index c3f94b261ce..902aedd3ef4 100644 --- a/2006/4xxx/CVE-2006-4096.json +++ b/2006/4xxx/CVE-2006-4096.json @@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060908 rPSA-2006-0166-1 bind bind-utils", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445600/100/0/threaded" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-626", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-626" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305530", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305530" - }, - { - "name" : "IY89169", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89169" - }, - { - "name" : "IY89178", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89178" - }, - { - "name" : "APPLE-SA-2007-05-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" - }, - { - "name" : "DSA-1172", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1172" - }, - { - "name" : "FreeBSD-SA-06:20.bind", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc" - }, - { - "name" : "GLSA-200609-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-11.xml" - }, - { - "name" : "HPSBTU02207", - "refsource" : "HP", - "url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" - }, - { - "name" : "SSRT061213", - "refsource" : "HP", - "url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" - }, - { - "name" : "SSRT061239", - "refsource" : "HP", - "url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" - }, - { - "name" : "SSRT071304", - "refsource" : "HP", - "url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" - }, - { - "name" : "HPSBOV03226", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879471518471&w=2" - }, - { - "name" : "SSRT101004", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879471518471&w=2" - }, - { - "name" : "MDKSA-2006:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:163" - }, - { - "name" : "[3.9] 20060908 010: SECURITY FIX: September 8, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html" - }, - { - "name" : "OpenPKG-SA-2006.019", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.019.html" - }, - { - "name" : "SSA:2006-257-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.481241" - }, - { - "name" : "SUSE-SR:2006:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html" - }, - { - "name" : "SUSE-SR:2006:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_24_sr.html" - }, - { - "name" : "USN-343-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-343-1" - }, - { - "name" : "VU#697164", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/697164" - }, - { - "name" : "19859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19859" - }, - { - "name" : "oval:org.mitre.oval:def:9623", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9623" - }, - { - "name" : "ADV-2006-3473", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3473" - }, - { - "name" : "ADV-2006-3511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3511" - }, - { - "name" : "ADV-2007-1401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1401" - }, - { - "name" : "ADV-2007-1939", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1939" - }, - { - "name" : "1016794", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016794" - }, - { - "name" : "21752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21752" - }, - { - "name" : "21816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21816" - }, - { - "name" : "21786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21786" - }, - { - "name" : "21790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21790" - }, - { - "name" : "21818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21818" - }, - { - "name" : "21828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21828" - }, - { - "name" : "21835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21835" - }, - { - "name" : "21838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21838" - }, - { - "name" : "21912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21912" - }, - { - "name" : "21926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21926" - }, - { - "name" : "22298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22298" - }, - { - "name" : "24950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24950" - }, - { - "name" : "25402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25402" - }, - { - "name" : "bind-recursive-insist-dos(28744)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=305530", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305530" + }, + { + "name": "21835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21835" + }, + { + "name": "OpenPKG-SA-2006.019", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.019.html" + }, + { + "name": "ADV-2007-1939", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1939" + }, + { + "name": "FreeBSD-SA-06:20.bind", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc" + }, + { + "name": "HPSBOV03226", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2" + }, + { + "name": "20060908 rPSA-2006-0166-1 bind bind-utils", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445600/100/0/threaded" + }, + { + "name": "SSRT071304", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en" + }, + { + "name": "SUSE-SR:2006:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" + }, + { + "name": "SSRT101004", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2" + }, + { + "name": "21786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21786" + }, + { + "name": "IY89178", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89178" + }, + { + "name": "SUSE-SR:2006:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" + }, + { + "name": "APPLE-SA-2007-05-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" + }, + { + "name": "25402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25402" + }, + { + "name": "MDKSA-2006:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:163" + }, + { + "name": "https://issues.rpath.com/browse/RPL-626", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-626" + }, + { + "name": "21818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21818" + }, + { + "name": "USN-343-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-343-1" + }, + { + "name": "21838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21838" + }, + { + "name": "22298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22298" + }, + { + "name": "19859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19859" + }, + { + "name": "21816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21816" + }, + { + "name": "IY89169", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89169" + }, + { + "name": "SSRT061213", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" + }, + { + "name": "21912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21912" + }, + { + "name": "21926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21926" + }, + { + "name": "21790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21790" + }, + { + "name": "[3.9] 20060908 010: SECURITY FIX: September 8, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html" + }, + { + "name": "ADV-2006-3511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3511" + }, + { + "name": "oval:org.mitre.oval:def:9623", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9623" + }, + { + "name": "SSA:2006-257-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.481241" + }, + { + "name": "SSRT061239", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" + }, + { + "name": "ADV-2006-3473", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3473" + }, + { + "name": "VU#697164", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/697164" + }, + { + "name": "DSA-1172", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1172" + }, + { + "name": "ADV-2007-1401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1401" + }, + { + "name": "bind-recursive-insist-dos(28744)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28744" + }, + { + "name": "21828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21828" + }, + { + "name": "HPSBTU02207", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" + }, + { + "name": "21752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21752" + }, + { + "name": "1016794", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016794" + }, + { + "name": "24950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24950" + }, + { + "name": "GLSA-200609-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-11.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4189.json b/2006/4xxx/CVE-2006-4189.json index 2ab0c79cf9b..f847012b9a5 100644 --- a/2006/4xxx/CVE-2006-4189.json +++ b/2006/4xxx/CVE-2006-4189.json @@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21182" - }, - { - "name" : "ADV-2006-3346", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3346" - }, - { - "name" : "28473", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28473" - }, - { - "name" : "28474", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28474" - }, - { - "name" : "28478", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28478" - }, - { - "name" : "28479", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28479" - }, - { - "name" : "28492", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28492" - }, - { - "name" : "28496", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28496" - }, - { - "name" : "28501", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28501" - }, - { - "name" : "28502", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28502" - }, - { - "name" : "28503", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28503" - }, - { - "name" : "28504", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28504" - }, - { - "name" : "28510", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28510" - }, - { - "name" : "28485", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28485" - }, - { - "name" : "28493", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28493" - }, - { - "name" : "28498", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28498" - }, - { - "name" : "28499", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28499" - }, - { - "name" : "28500", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28500" - }, - { - "name" : "28505", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28505" - }, - { - "name" : "28506", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28506" - }, - { - "name" : "28507", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28507" - }, - { - "name" : "28508", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28508" - }, - { - "name" : "28509", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28509" - }, - { - "name" : "28511", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28511" - }, - { - "name" : "28512", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28512" - }, - { - "name" : "28513", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28513" - }, - { - "name" : "28514", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28514" - }, - { - "name" : "28515", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28515" - }, - { - "name" : "28516", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28516" - }, - { - "name" : "28517", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28517" - }, - { - "name" : "28519", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28519" - }, - { - "name" : "28520", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28520" - }, - { - "name" : "28521", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28521" - }, - { - "name" : "28522", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28522" - }, - { - "name" : "28523", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28523" - }, - { - "name" : "28524", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28524" - }, - { - "name" : "28525", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28525" - }, - { - "name" : "28526", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28526" - }, - { - "name" : "28527", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28527" - }, - { - "name" : "28528", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28528" - }, - { - "name" : "28529", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28529" - }, - { - "name" : "28530", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28530" - }, - { - "name" : "1016692", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016692" - }, - { - "name" : "21535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21535" - }, - { - "name" : "dolphin-dirinc-file-include(28363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016692", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016692" + }, + { + "name": "28501", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28501" + }, + { + "name": "28492", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28492" + }, + { + "name": "21182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21182" + }, + { + "name": "28527", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28527" + }, + { + "name": "28525", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28525" + }, + { + "name": "28517", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28517" + }, + { + "name": "28499", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28499" + }, + { + "name": "28526", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28526" + }, + { + "name": "28502", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28502" + }, + { + "name": "28515", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28515" + }, + { + "name": "28511", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28511" + }, + { + "name": "28521", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28521" + }, + { + "name": "28479", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28479" + }, + { + "name": "28516", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28516" + }, + { + "name": "28508", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28508" + }, + { + "name": "28507", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28507" + }, + { + "name": "28504", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28504" + }, + { + "name": "28510", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28510" + }, + { + "name": "28514", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28514" + }, + { + "name": "28522", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28522" + }, + { + "name": "28505", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28505" + }, + { + "name": "28529", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28529" + }, + { + "name": "28500", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28500" + }, + { + "name": "28478", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28478" + }, + { + "name": "28509", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28509" + }, + { + "name": "28485", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28485" + }, + { + "name": "28512", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28512" + }, + { + "name": "28528", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28528" + }, + { + "name": "28513", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28513" + }, + { + "name": "21535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21535" + }, + { + "name": "28498", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28498" + }, + { + "name": "28493", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28493" + }, + { + "name": "28523", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28523" + }, + { + "name": "28503", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28503" + }, + { + "name": "ADV-2006-3346", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3346" + }, + { + "name": "dolphin-dirinc-file-include(28363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28363" + }, + { + "name": "28496", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28496" + }, + { + "name": "28473", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28473" + }, + { + "name": "28506", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28506" + }, + { + "name": "28524", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28524" + }, + { + "name": "28520", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28520" + }, + { + "name": "28530", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28530" + }, + { + "name": "28519", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28519" + }, + { + "name": "28474", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28474" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4315.json b/2006/4xxx/CVE-2006-4315.json index de11441e410..03c3ea9c33d 100644 --- a/2006/4xxx/CVE-2006-4315.json +++ b/2006/4xxx/CVE-2006-4315.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ssh.com/company/news/2006/english/security/article/775/", - "refsource" : "CONFIRM", - "url" : "http://www.ssh.com/company/news/2006/english/security/article/775/" - }, - { - "name" : "19679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19679" - }, - { - "name" : "1016743", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016743" - }, - { - "name" : "ssh-tectia-pathname-privilege-escalation(28566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19679" + }, + { + "name": "1016743", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016743" + }, + { + "name": "http://www.ssh.com/company/news/2006/english/security/article/775/", + "refsource": "CONFIRM", + "url": "http://www.ssh.com/company/news/2006/english/security/article/775/" + }, + { + "name": "ssh-tectia-pathname-privilege-escalation(28566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4693.json b/2006/4xxx/CVE-2006-4693.json index bc233e5e951..72e14eb9e68 100644 --- a/2006/4xxx/CVE-2006-4693.json +++ b/2006/4xxx/CVE-2006-4693.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-4693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02161", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "SSRT061264", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "MS06-060", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060" - }, - { - "name" : "20387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20387" - }, - { - "name" : "ADV-2006-3979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3979" - }, - { - "name" : "29442", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29442" - }, - { - "name" : "1017032", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017032", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017032" + }, + { + "name": "SSRT061264", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "ADV-2006-3979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3979" + }, + { + "name": "29442", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29442" + }, + { + "name": "MS06-060", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060" + }, + { + "name": "20387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20387" + }, + { + "name": "HPSBST02161", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6300.json b/2006/6xxx/CVE-2006-6300.json index 8dceef7fa0b..9bf2676d365 100644 --- a/2006/6xxx/CVE-2006-6300.json +++ b/2006/6xxx/CVE-2006-6300.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061201 CuteNews 1.3.6 XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453314/100/0/threaded" - }, - { - "name" : "21403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21403" - }, - { - "name" : "1969", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1969" - }, - { - "name" : "cutenews-result-xss(30660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1969", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1969" + }, + { + "name": "21403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21403" + }, + { + "name": "cutenews-result-xss(30660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30660" + }, + { + "name": "20061201 CuteNews 1.3.6 XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453314/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6601.json b/2006/6xxx/CVE-2006-6601.json index 854c7054f25..ed0ab3b65ac 100644 --- a/2006/6xxx/CVE-2006-6601.json +++ b/2006/6xxx/CVE-2006-6601.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061215 Windows Media MID File Denial Of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454505/100/0/threaded" - }, - { - "name" : "20061215 Media .MID file DoS extra info", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-December/001182.html" - }, - { - "name" : "21612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21612" - }, - { - "name" : "ADV-2006-5039", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061215 Windows Media MID File Denial Of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454505/100/0/threaded" + }, + { + "name": "ADV-2006-5039", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5039" + }, + { + "name": "20061215 Media .MID file DoS extra info", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-December/001182.html" + }, + { + "name": "21612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21612" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6762.json b/2006/6xxx/CVE-2006-6762.json index 64d5bbb9629..342af9c3539 100644 --- a/2006/6xxx/CVE-2006-6762.json +++ b/2006/6xxx/CVE-2006-6762.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single \"(\" (parenthesis) in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061223 Novell Netmail IMAP append Denial of Service Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=455" - }, - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html" - }, - { - "name" : "VU#944273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/944273" - }, - { - "name" : "21729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21729" - }, - { - "name" : "ADV-2006-5134", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5134" - }, - { - "name" : "23437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single \"(\" (parenthesis) in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061223 Novell Netmail IMAP append Denial of Service Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=455" + }, + { + "name": "21729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21729" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html" + }, + { + "name": "VU#944273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/944273" + }, + { + "name": "ADV-2006-5134", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5134" + }, + { + "name": "23437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23437" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6865.json b/2006/6xxx/CVE-2006-6865.json index a85784b74f3..776ec0bf131 100644 --- a/2006/6xxx/CVE-2006-6865.json +++ b/2006/6xxx/CVE-2006-6865.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for \"..\" sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061230 SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455549/100/0/threaded" - }, - { - "name" : "http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html", - "refsource" : "MISC", - "url" : "http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html" - }, - { - "name" : "3046", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3046" - }, - { - "name" : "21821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21821" - }, - { - "name" : "ADV-2007-0014", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0014" - }, - { - "name" : "2094", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for \"..\" sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21821" + }, + { + "name": "3046", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3046" + }, + { + "name": "20061230 SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455549/100/0/threaded" + }, + { + "name": "ADV-2007-0014", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0014" + }, + { + "name": "http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html", + "refsource": "MISC", + "url": "http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html" + }, + { + "name": "2094", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2094" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2291.json b/2010/2xxx/CVE-2010-2291.json index cfc0db3bd1d..75b3a86b4a6 100644 --- a/2010/2xxx/CVE-2010-2291.json +++ b/2010/2xxx/CVE-2010-2291.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35", - "refsource" : "CONFIRM", - "url" : "http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35" - }, - { - "name" : "40771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40771" - }, - { - "name" : "65383", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65383" - }, - { - "name" : "37635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37635" - }, - { - "name" : "snorm-interface-security-bypass(59342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65383", + "refsource": "OSVDB", + "url": "http://osvdb.org/65383" + }, + { + "name": "snorm-interface-security-bypass(59342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59342" + }, + { + "name": "40771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40771" + }, + { + "name": "37635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37635" + }, + { + "name": "http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35", + "refsource": "CONFIRM", + "url": "http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2299.json b/2010/2xxx/CVE-2010-2299.json index 37ccf2a7217..31756430201 100644 --- a/2010/2xxx/CVE-2010-2299.json +++ b/2010/2xxx/CVE-2010-2299.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a \"Type Confusion\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=43307", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=43307" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:12099", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12099" - }, - { - "name" : "40072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a \"Type Confusion\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12099", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12099" + }, + { + "name": "40072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40072" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=43307", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=43307" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2863.json b/2010/2xxx/CVE-2010-2863.json index 9e9754c0a71..a5bfeda38c8 100644 --- a/2010/2xxx/CVE-2010-2863.json +++ b/2010/2xxx/CVE-2010-2863.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" - }, - { - "name" : "oval:org.mitre.oval:def:11522", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11522" - }, - { - "name" : "1024361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024361" - }, - { - "name" : "ADV-2010-2176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024361" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html" + }, + { + "name": "oval:org.mitre.oval:def:11522", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11522" + }, + { + "name": "ADV-2010-2176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2176" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2883.json b/2010/2xxx/CVE-2010-2883.json index 8674e2b6b72..81a7da2efd3 100644 --- a/2010/2xxx/CVE-2010-2883.json +++ b/2010/2xxx/CVE-2010-2883.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html", - "refsource" : "MISC", - "url" : "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html" - }, - { - "name" : "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx", - "refsource" : "MISC", - "url" : "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx" - }, - { - "name" : "http://www.adobe.com/support/security/advisories/apsa10-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa10-02.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TLSA-2011-2", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "VU#491991", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/491991" - }, - { - "name" : "43057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43057" - }, - { - "name" : "oval:org.mitre.oval:def:11586", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586" - }, - { - "name" : "41340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41340" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2010-2331", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2331" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - }, - { - "name" : "ADV-2011-0344", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0344" - }, - { - "name" : "adobe-reader-cooltype-code-execution(61635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "oval:org.mitre.oval:def:11586", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa10-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa10-02.html" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "ADV-2011-0344", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0344" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "ADV-2010-2331", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2331" + }, + { + "name": "VU#491991", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/491991" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "41340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41340" + }, + { + "name": "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx", + "refsource": "MISC", + "url": "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx" + }, + { + "name": "adobe-reader-cooltype-code-execution(61635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61635" + }, + { + "name": "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html", + "refsource": "MISC", + "url": "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html" + }, + { + "name": "43057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43057" + }, + { + "name": "TLSA-2011-2", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0051.json b/2011/0xxx/CVE-2011-0051.json index 70595953e04..f3703d24d11 100644 --- a/2011/0xxx/CVE-2011-0051.json +++ b/2011/0xxx/CVE-2011-0051.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=616659", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=616659" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100128655", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100128655" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100133195", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100133195" - }, - { - "name" : "MDVSA-2011:041", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041" - }, - { - "name" : "RHSA-2011:0312", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0312.html" - }, - { - "name" : "RHSA-2011:0313", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0313.html" - }, - { - "name" : "oval:org.mitre.oval:def:14211", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.avaya.com/css/P8/documents/100133195", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100133195" + }, + { + "name": "RHSA-2011:0313", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0313.html" + }, + { + "name": "oval:org.mitre.oval:def:14211", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211" + }, + { + "name": "MDVSA-2011:041", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041" + }, + { + "name": "RHSA-2011:0312", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0312.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100128655", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100128655" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=616659", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=616659" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0625.json b/2011/0xxx/CVE-2011-0625.json index cb6f29d3dcc..714b63d88a0 100644 --- a/2011/0xxx/CVE-2011-0625.json +++ b/2011/0xxx/CVE-2011-0625.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html" - }, - { - "name" : "SUSE-SA:2011:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:14077", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077" - }, - { - "name" : "oval:org.mitre.oval:def:16076", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14077", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" + }, + { + "name": "SUSE-SA:2011:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:16076", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0650.json b/2011/0xxx/CVE-2011-0650.json index 86c683d5023..24aeabb683e 100644 --- a/2011/0xxx/CVE-2011-0650.json +++ b/2011/0xxx/CVE-2011-0650.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openvas-commits] 20110203 r10151 - in trunk/gsa: . src src/html", - "refsource" : "MLIST", - "url" : "https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html" - }, - { - "name" : "[openvas-commits] 20110203 r10187 - trunk/gsa", - "refsource" : "MLIST", - "url" : "https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010242.html" - }, - { - "name" : "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515971/100/0/threaded" - }, - { - "name" : "http://www.openvas.org/OVSA20110118.html", - "refsource" : "CONFIRM", - "url" : "http://www.openvas.org/OVSA20110118.html" - }, - { - "name" : "43092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43092" - }, - { - "name" : "greenbone-unspecifed-csrf(65012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded" + }, + { + "name": "43092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43092" + }, + { + "name": "http://www.openvas.org/OVSA20110118.html", + "refsource": "CONFIRM", + "url": "http://www.openvas.org/OVSA20110118.html" + }, + { + "name": "greenbone-unspecifed-csrf(65012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65012" + }, + { + "name": "[openvas-commits] 20110203 r10151 - in trunk/gsa: . src src/html", + "refsource": "MLIST", + "url": "https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html" + }, + { + "name": "[openvas-commits] 20110203 r10187 - trunk/gsa", + "refsource": "MLIST", + "url": "https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010242.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1179.json b/2011/1xxx/CVE-2011-1179.json index 5e78df34bf8..7eded671f29 100644 --- a/2011/1xxx/CVE-2011-1179.json +++ b/2011/1xxx/CVE-2011-1179.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=689931", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=689931" - }, - { - "name" : "RHSA-2011:0426", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0426.html" - }, - { - "name" : "RHSA-2011:0427", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0427.html" - }, - { - "name" : "47269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47269" - }, - { - "name" : "1025304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025304" - }, - { - "name" : "44060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44060" - }, - { - "name" : "ADV-2011-0899", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0899" - }, - { - "name" : "spicexpi-pointer-privilege-escalation(66777)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025304" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff" + }, + { + "name": "RHSA-2011:0426", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0426.html" + }, + { + "name": "RHSA-2011:0427", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0427.html" + }, + { + "name": "spicexpi-pointer-privilege-escalation(66777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66777" + }, + { + "name": "ADV-2011-0899", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0899" + }, + { + "name": "44060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44060" + }, + { + "name": "47269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47269" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=689931", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689931" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1241.json b/2011/1xxx/CVE-2011-1241.json index 59ceb5d102b..14f28ba54ac 100644 --- a/2011/1xxx/CVE-2011-1241.json +++ b/2011/1xxx/CVE-2011-1241.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47218" - }, - { - "name" : "71756", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71756" - }, - { - "name" : "oval:org.mitre.oval:def:12540", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12540" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12540", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12540" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "47218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47218" + }, + { + "name": "71756", + "refsource": "OSVDB", + "url": "http://osvdb.org/71756" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1802.json b/2011/1xxx/CVE-2011-1802.json index ec012cb3112..be2549074fe 100644 --- a/2011/1xxx/CVE-2011-1802.json +++ b/2011/1xxx/CVE-2011-1802.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1802", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1802", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4072.json b/2011/4xxx/CVE-2011-4072.json index aa2904333e3..91bc34a7117 100644 --- a/2011/4xxx/CVE-2011-4072.json +++ b/2011/4xxx/CVE-2011-4072.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4072", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4072", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4467.json b/2011/4xxx/CVE-2011-4467.json index ea64c92c359..91c22caa514 100644 --- a/2011/4xxx/CVE-2011-4467.json +++ b/2011/4xxx/CVE-2011-4467.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4467", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4467", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4970.json b/2011/4xxx/CVE-2011-4970.json index 63830236e72..ca9252640c8 100644 --- a/2011/4xxx/CVE-2011-4970.json +++ b/2011/4xxx/CVE-2011-4970.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130310 Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/10/1" - }, - { - "name" : "[oss-security] 20130311 Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/12/1" - }, - { - "name" : "http://blog.pi3.com.pl/?p=402", - "refsource" : "MISC", - "url" : "http://blog.pi3.com.pl/?p=402" - }, - { - "name" : "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt", - "refsource" : "MISC", - "url" : "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt" - }, - { - "name" : "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683", - "refsource" : "CONFIRM", - "url" : "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683" - }, - { - "name" : "52487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt", + "refsource": "MISC", + "url": "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt" + }, + { + "name": "[oss-security] 20130311 Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/12/1" + }, + { + "name": "[oss-security] 20130310 Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/10/1" + }, + { + "name": "52487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52487" + }, + { + "name": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683", + "refsource": "CONFIRM", + "url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683" + }, + { + "name": "http://blog.pi3.com.pl/?p=402", + "refsource": "MISC", + "url": "http://blog.pi3.com.pl/?p=402" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5253.json b/2011/5xxx/CVE-2011-5253.json index 7a08403c2b4..4d676c472b9 100644 --- a/2011/5xxx/CVE-2011-5253.json +++ b/2011/5xxx/CVE-2011-5253.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.thregr.org/~wavexx/software/dl/NEWS.html", - "refsource" : "CONFIRM", - "url" : "http://www.thregr.org/~wavexx/software/dl/NEWS.html" - }, - { - "name" : "51347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51347" - }, - { - "name" : "47466", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47466" - }, - { - "name" : "dl-download-security-bypass(72252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dl-download-security-bypass(72252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72252" + }, + { + "name": "47466", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47466" + }, + { + "name": "http://www.thregr.org/~wavexx/software/dl/NEWS.html", + "refsource": "CONFIRM", + "url": "http://www.thregr.org/~wavexx/software/dl/NEWS.html" + }, + { + "name": "51347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51347" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5266.json b/2011/5xxx/CVE-2011-5266.json index 5842b56ff35..ef8ab169d5d 100644 --- a/2011/5xxx/CVE-2011-5266.json +++ b/2011/5xxx/CVE-2011-5266.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5266", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5266", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2319.json b/2014/2xxx/CVE-2014-2319.json index 84e9b1bc578..ca1d55f2825 100644 --- a/2014/2xxx/CVE-2014-2319.json +++ b/2014/2xxx/CVE-2014-2319.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://int21.de/cve/CVE-2014-2319-powerarchiver.html", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2014-2319-powerarchiver.html" - }, - { - "name" : "http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/", - "refsource" : "CONFIRM", - "url" : "http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://int21.de/cve/CVE-2014-2319-powerarchiver.html", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2014-2319-powerarchiver.html" + }, + { + "name": "http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/", + "refsource": "CONFIRM", + "url": "http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2387.json b/2014/2xxx/CVE-2014-2387.json index 23368e3b54c..f27190737e5 100644 --- a/2014/2xxx/CVE-2014-2387.json +++ b/2014/2xxx/CVE-2014-2387.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2387", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2387", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2912.json b/2014/2xxx/CVE-2014-2912.json index aff47edbbef..b96f0641972 100644 --- a/2014/2xxx/CVE-2014-2912.json +++ b/2014/2xxx/CVE-2014-2912.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2912", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2912", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3201.json b/2014/3xxx/CVE-2014-3201.json index dfb092dd3e2..d2caf62bce8 100644 --- a/2014/3xxx/CVE-2014-3201.json +++ b/2014/3xxx/CVE-2014-3201.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html" - }, - { - "name" : "https://crbug.com/406593", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/406593" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=182021&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=182021&view=revision" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=182021&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=182021&view=revision" + }, + { + "name": "https://crbug.com/406593", + "refsource": "CONFIRM", + "url": "https://crbug.com/406593" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3242.json b/2014/3xxx/CVE-2014-3242.json index 7aaf0faf00b..09b7c5fefa0 100644 --- a/2014/3xxx/CVE-2014-3242.json +++ b/2014/3xxx/CVE-2014-3242.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/20" - }, - { - "name" : "[oss-security] 20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/06/1" - }, - { - "name" : "[oss-security] 20140506 Re: CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/06/9" - }, - { - "name" : "http://www.pnigos.com/?p=260", - "refsource" : "MISC", - "url" : "http://www.pnigos.com/?p=260" - }, - { - "name" : "67216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/20" + }, + { + "name": "[oss-security] 20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/06/1" + }, + { + "name": "http://www.pnigos.com/?p=260", + "refsource": "MISC", + "url": "http://www.pnigos.com/?p=260" + }, + { + "name": "67216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67216" + }, + { + "name": "[oss-security] 20140506 Re: CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/06/9" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3422.json b/2014/3xxx/CVE-2014-3422.json index 9c0a2152c37..d932d07f035 100644 --- a/2014/3xxx/CVE-2014-3422.json +++ b/2014/3xxx/CVE-2014-3422.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html" - }, - { - "name" : "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/07/7" - }, - { - "name" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", - "refsource" : "CONFIRM", - "url" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0250.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0250.html" - }, - { - "name" : "MDVSA-2015:117", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/07/7" + }, + { + "name": "MDVSA-2015:117", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0250.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0250.html" + }, + { + "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", + "refsource": "CONFIRM", + "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" + }, + { + "name": "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6221.json b/2014/6xxx/CVE-2014-6221.json index 6995db103f3..d3e19a23113 100644 --- a/2014/6xxx/CVE-2014-6221.json +++ b/2014/6xxx/CVE-2014-6221.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698893", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698893" - }, - { - "name" : "73915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73915" - }, - { - "name" : "1032026", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893" + }, + { + "name": "73915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73915" + }, + { + "name": "1032026", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032026" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6634.json b/2014/6xxx/CVE-2014-6634.json index b7ffecc1aa0..4bfdb9d2bd8 100644 --- a/2014/6xxx/CVE-2014-6634.json +++ b/2014/6xxx/CVE-2014-6634.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6634", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6634", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6921.json b/2014/6xxx/CVE-2014-6921.json index 9725bde8548..7d9b46fb7de 100644 --- a/2014/6xxx/CVE-2014-6921.json +++ b/2014/6xxx/CVE-2014-6921.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#373849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/373849" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#373849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/373849" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6949.json b/2014/6xxx/CVE-2014-6949.json index 4f075c1bb61..77bb6bf6cfc 100644 --- a/2014/6xxx/CVE-2014-6949.json +++ b/2014/6xxx/CVE-2014-6949.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#173121", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/173121" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#173121", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/173121" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7153.json b/2014/7xxx/CVE-2014-7153.json index 64c06c4dbc0..909266d4834 100644 --- a/2014/7xxx/CVE-2014-7153.json +++ b/2014/7xxx/CVE-2014-7153.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7631.json b/2014/7xxx/CVE-2014-7631.json index 0158cd631a6..9a121cdcb67 100644 --- a/2014/7xxx/CVE-2014-7631.json +++ b/2014/7xxx/CVE-2014-7631.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#242641", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/242641" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#242641", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/242641" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7672.json b/2014/7xxx/CVE-2014-7672.json index 55542f11682..d3206f4f03c 100644 --- a/2014/7xxx/CVE-2014-7672.json +++ b/2014/7xxx/CVE-2014-7672.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7672", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7672", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2112.json b/2016/2xxx/CVE-2016-2112.json index 4b44c554a47..8abb36fb618 100644 --- a/2016/2xxx/CVE-2016-2112.json +++ b/2016/2xxx/CVE-2016-2112.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://badlock.org/", - "refsource" : "MISC", - "url" : "http://badlock.org/" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2016-2112.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2016-2112.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821" - }, - { - "name" : "https://www.samba.org/samba/history/samba-4.2.10.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/history/samba-4.2.10.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa122", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa122" - }, - { - "name" : "https://www.samba.org/samba/latest_news.html#4.4.2", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/latest_news.html#4.4.2" - }, - { - "name" : "DSA-3548", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3548" - }, - { - "name" : "FEDORA-2016-383fce04e2", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html" - }, - { - "name" : "FEDORA-2016-48b3761baa", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html" - }, - { - "name" : "FEDORA-2016-be53260726", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html" - }, - { - "name" : "GLSA-201612-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-47" - }, - { - "name" : "RHSA-2016:0611", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0611.html" - }, - { - "name" : "RHSA-2016:0613", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0613.html" - }, - { - "name" : "RHSA-2016:0614", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0614.html" - }, - { - "name" : "RHSA-2016:0618", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0618.html" - }, - { - "name" : "RHSA-2016:0619", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0619.html" - }, - { - "name" : "RHSA-2016:0620", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0620.html" - }, - { - "name" : "RHSA-2016:0624", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0624.html" - }, - { - "name" : "RHSA-2016:0612", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0612.html" - }, - { - "name" : "SSA:2016-106-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012" - }, - { - "name" : "SUSE-SU-2016:1022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:1023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html" - }, - { - "name" : "SUSE-SU-2016:1024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html" - }, - { - "name" : "SUSE-SU-2016:1028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:1025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "USN-2950-5", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-5" - }, - { - "name" : "USN-2950-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-3" - }, - { - "name" : "USN-2950-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-4" - }, - { - "name" : "USN-2950-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-1" - }, - { - "name" : "USN-2950-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-2" - }, - { - "name" : "1035533", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2016-106-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012" + }, + { + "name": "SUSE-SU-2016:1022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html" + }, + { + "name": "RHSA-2016:0612", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0612.html" + }, + { + "name": "USN-2950-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-1" + }, + { + "name": "SUSE-SU-2016:1028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html" + }, + { + "name": "RHSA-2016:0613", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0613.html" + }, + { + "name": "http://badlock.org/", + "refsource": "MISC", + "url": "http://badlock.org/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "openSUSE-SU-2016:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" + }, + { + "name": "USN-2950-5", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-5" + }, + { + "name": "https://www.samba.org/samba/history/samba-4.2.10.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/history/samba-4.2.10.html" + }, + { + "name": "FEDORA-2016-be53260726", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html" + }, + { + "name": "RHSA-2016:0624", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0624.html" + }, + { + "name": "RHSA-2016:0618", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0618.html" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2016-2112.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2016-2112.html" + }, + { + "name": "SUSE-SU-2016:1024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html" + }, + { + "name": "SUSE-SU-2016:1023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html" + }, + { + "name": "https://www.samba.org/samba/latest_news.html#4.4.2", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/latest_news.html#4.4.2" + }, + { + "name": "1035533", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035533" + }, + { + "name": "FEDORA-2016-48b3761baa", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html" + }, + { + "name": "RHSA-2016:0614", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0614.html" + }, + { + "name": "openSUSE-SU-2016:1025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html" + }, + { + "name": "RHSA-2016:0620", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0620.html" + }, + { + "name": "RHSA-2016:0611", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0611.html" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa122", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa122" + }, + { + "name": "USN-2950-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-3" + }, + { + "name": "FEDORA-2016-383fce04e2", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "RHSA-2016:0619", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0619.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821" + }, + { + "name": "GLSA-201612-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-47" + }, + { + "name": "DSA-3548", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3548" + }, + { + "name": "USN-2950-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399" + }, + { + "name": "USN-2950-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-4" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2682.json b/2016/2xxx/CVE-2016-2682.json index 19daefc92e6..e97dc7db8b1 100644 --- a/2016/2xxx/CVE-2016-2682.json +++ b/2016/2xxx/CVE-2016-2682.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2682", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2682", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0602.json b/2017/0xxx/CVE-2017-0602.json index 917b51d69a1..adac945fa75 100644 --- a/2017/0xxx/CVE-2017-0602.json +++ b/2017/0xxx/CVE-2017-0602.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98141" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0976.json b/2017/0xxx/CVE-2017-0976.json index 5b7da0677ac..24531f4ceb8 100644 --- a/2017/0xxx/CVE-2017-0976.json +++ b/2017/0xxx/CVE-2017-0976.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0976", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0976", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0988.json b/2017/0xxx/CVE-2017-0988.json index b22d7e11e6b..4d04c459e11 100644 --- a/2017/0xxx/CVE-2017-0988.json +++ b/2017/0xxx/CVE-2017-0988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0988", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0988", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18122.json b/2017/18xxx/CVE-2017-18122.json index abbdd332467..33769942264 100644 --- a/2017/18xxx/CVE-2017-18122.json +++ b/2017/18xxx/CVE-2017-18122.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180209 [SECURITY] [DLA 1273-1] simplesamlphp security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html" - }, - { - "name" : "https://simplesamlphp.org/security/201710-01", - "refsource" : "CONFIRM", - "url" : "https://simplesamlphp.org/security/201710-01" - }, - { - "name" : "DSA-4127", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1273-1] simplesamlphp security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html" + }, + { + "name": "DSA-4127", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4127" + }, + { + "name": "https://simplesamlphp.org/security/201710-01", + "refsource": "CONFIRM", + "url": "https://simplesamlphp.org/security/201710-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18191.json b/2017/18xxx/CVE-2017-18191.json index f406b5f649a..7193ee71c25 100644 --- a/2017/18xxx/CVE-2017-18191.json +++ b/2017/18xxx/CVE-2017-18191.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2018/04/20/3", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/04/20/3" - }, - { - "name" : "https://launchpad.net/bugs/1739593", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/1739593" - }, - { - "name" : "https://review.openstack.org/539893", - "refsource" : "CONFIRM", - "url" : "https://review.openstack.org/539893" - }, - { - "name" : "https://security.openstack.org/ossa/OSSA-2018-001.html", - "refsource" : "CONFIRM", - "url" : "https://security.openstack.org/ossa/OSSA-2018-001.html" - }, - { - "name" : "RHSA-2018:2332", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2332" - }, - { - "name" : "RHSA-2018:2714", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2714" - }, - { - "name" : "RHSA-2018:2855", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2855" - }, - { - "name" : "103104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103104" + }, + { + "name": "RHSA-2018:2714", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2714" + }, + { + "name": "https://review.openstack.org/539893", + "refsource": "CONFIRM", + "url": "https://review.openstack.org/539893" + }, + { + "name": "http://openwall.com/lists/oss-security/2018/04/20/3", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/04/20/3" + }, + { + "name": "https://security.openstack.org/ossa/OSSA-2018-001.html", + "refsource": "CONFIRM", + "url": "https://security.openstack.org/ossa/OSSA-2018-001.html" + }, + { + "name": "RHSA-2018:2332", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2332" + }, + { + "name": "https://launchpad.net/bugs/1739593", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/1739593" + }, + { + "name": "RHSA-2018:2855", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2855" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18340.json b/2017/18xxx/CVE-2017-18340.json index ba5a376e799..7cca8e83ac6 100644 --- a/2017/18xxx/CVE-2017-18340.json +++ b/2017/18xxx/CVE-2017-18340.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1083.json b/2017/1xxx/CVE-2017-1083.json index d4e8b37aa60..64e46493b9d 100644 --- a/2017/1xxx/CVE-2017-1083.json +++ b/2017/1xxx/CVE-2017-1083.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "DATE_PUBLIC" : "2017-06-19T00:00:00", - "ID" : "CVE-2017-1083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "before 11.2-RELEASE" - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Userspace stack overflow" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "DATE_PUBLIC": "2017-06-19T00:00:00", + "ID": "CVE-2017-1083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "before 11.2-RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Userspace stack overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1245.json b/2017/1xxx/CVE-2017-1245.json index 871f1dc1e3b..af37c02b735 100644 --- a/2017/1xxx/CVE-2017-1245.json +++ b/2017/1xxx/CVE-2017-1245.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-20T00:00:00", - "ID" : "CVE-2017-1245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Rhapsody Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - }, - { - "product_name" : "Rational Rhapsody Design Manager ", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-20T00:00:00", + "ID": "CVE-2017-1245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Rhapsody Design Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + }, + { + "product_name": "Rational Rhapsody Design Manager ", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124580", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124580" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006052", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124580", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124580" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1511.json b/2017/1xxx/CVE-2017-1511.json index e95ed20acbb..36227028738 100644 --- a/2017/1xxx/CVE-2017-1511.json +++ b/2017/1xxx/CVE-2017-1511.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1511", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1511", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1595.json b/2017/1xxx/CVE-2017-1595.json index 63bf47f833b..ca99a26f0b6 100644 --- a/2017/1xxx/CVE-2017-1595.json +++ b/2017/1xxx/CVE-2017-1595.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-18T00:00:00", - "ID" : "CVE-2017-1595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "10.1.2" - }, - { - "version_value" : "10.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-18T00:00:00", + "ID": "CVE-2017-1595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "10.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.1" + }, + { + "version_value": "10.1.2" + }, + { + "version_value": "10.1.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132549", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132549" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009629", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009629", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009629" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132549", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132549" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5410.json b/2017/5xxx/CVE-2017-5410.json index 227b2c1b134..ca9bab5067d 100644 --- a/2017/5xxx/CVE-2017-5410.json +++ b/2017/5xxx/CVE-2017-5410.json @@ -1,154 +1,154 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - }, - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory corruption during JavaScript garbage collection incremental sweeping" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + }, + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1330687", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1330687" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-07/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-07/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "DSA-3805", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3805" - }, - { - "name" : "DSA-3832", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3832" - }, - { - "name" : "GLSA-201705-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-06" - }, - { - "name" : "GLSA-201705-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-07" - }, - { - "name" : "RHSA-2017:0459", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0459.html" - }, - { - "name" : "RHSA-2017:0461", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0461.html" - }, - { - "name" : "RHSA-2017:0498", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0498.html" - }, - { - "name" : "96693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96693" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption during JavaScript garbage collection incremental sweeping" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96693" + }, + { + "name": "RHSA-2017:0459", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "DSA-3832", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3832" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-07/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1330687", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1330687" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "GLSA-201705-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-06" + }, + { + "name": "RHSA-2017:0461", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html" + }, + { + "name": "DSA-3805", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3805" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/" + }, + { + "name": "RHSA-2017:0498", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html" + }, + { + "name": "GLSA-201705-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-07" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5523.json b/2017/5xxx/CVE-2017-5523.json index 358b5a31f0b..ddae988936a 100644 --- a/2017/5xxx/CVE-2017-5523.json +++ b/2017/5xxx/CVE-2017-5523.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5523", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5523", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5612.json b/2017/5xxx/CVE-2017-5612.json index be4ebf40d64..508b6914088 100644 --- a/2017/5xxx/CVE-2017-5612.json +++ b/2017/5xxx/CVE-2017-5612.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-5612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170128 Re: CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/28/5" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8731", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8731" - }, - { - "name" : "https://codex.wordpress.org/Version_4.7.2", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.7.2" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849", - "refsource" : "CONFIRM", - "url" : "https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849" - }, - { - "name" : "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/" - }, - { - "name" : "DSA-3779", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3779" - }, - { - "name" : "95816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95816" - }, - { - "name" : "1037731", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codex.wordpress.org/Version_4.7.2", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.7.2" + }, + { + "name": "95816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95816" + }, + { + "name": "DSA-3779", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3779" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849", + "refsource": "CONFIRM", + "url": "https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849" + }, + { + "name": "[oss-security] 20170128 Re: CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/28/5" + }, + { + "name": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8731", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8731" + }, + { + "name": "1037731", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037731" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5634.json b/2017/5xxx/CVE-2017-5634.json index 2bcf1915633..7d27bd3e615 100644 --- a/2017/5xxx/CVE-2017-5634.json +++ b/2017/5xxx/CVE-2017-5634.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended \"Please select booking identification\" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugemot.com/bug/190", - "refsource" : "MISC", - "url" : "https://bugemot.com/bug/190" - }, - { - "name" : "https://www.youtube.com/watch?v=2j9gP5Qu2WA", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=2j9gP5Qu2WA" - }, - { - "name" : "https://www.youtube.com/watch?v=WSQW0ipnXQg", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=WSQW0ipnXQg" - }, - { - "name" : "96230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended \"Please select booking identification\" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=2j9gP5Qu2WA", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=2j9gP5Qu2WA" + }, + { + "name": "96230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96230" + }, + { + "name": "https://www.youtube.com/watch?v=WSQW0ipnXQg", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=WSQW0ipnXQg" + }, + { + "name": "https://bugemot.com/bug/190", + "refsource": "MISC", + "url": "https://bugemot.com/bug/190" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5861.json b/2017/5xxx/CVE-2017-5861.json index ce0aa3d0a25..4374163429a 100644 --- a/2017/5xxx/CVE-2017-5861.json +++ b/2017/5xxx/CVE-2017-5861.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5861", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5861", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file