From 3dc80424876a82751dee476d269e3bf9ff037a9c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:37:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0089.json | 160 +- 2006/0xxx/CVE-2006-0199.json | 190 +-- 2006/0xxx/CVE-2006-0632.json | 170 +- 2006/3xxx/CVE-2006-3017.json | 470 +++--- 2006/3xxx/CVE-2006-3044.json | 160 +- 2006/3xxx/CVE-2006-3179.json | 180 +-- 2006/3xxx/CVE-2006-3487.json | 120 +- 2006/3xxx/CVE-2006-3862.json | 200 +-- 2006/4xxx/CVE-2006-4163.json | 140 +- 2006/4xxx/CVE-2006-4295.json | 150 +- 2006/4xxx/CVE-2006-4500.json | 150 +- 2006/4xxx/CVE-2006-4683.json | 150 +- 2006/4xxx/CVE-2006-4858.json | 180 +-- 2006/4xxx/CVE-2006-4922.json | 150 +- 2006/7xxx/CVE-2006-7105.json | 150 +- 2006/7xxx/CVE-2006-7137.json | 140 +- 2010/2xxx/CVE-2010-2017.json | 140 +- 2010/2xxx/CVE-2010-2697.json | 160 +- 2010/2xxx/CVE-2010-2989.json | 130 +- 2010/3xxx/CVE-2010-3209.json | 140 +- 2010/3xxx/CVE-2010-3955.json | 150 +- 2011/0xxx/CVE-2011-0140.json | 180 +-- 2011/0xxx/CVE-2011-0196.json | 130 +- 2011/0xxx/CVE-2011-0813.json | 120 +- 2011/0xxx/CVE-2011-0823.json | 120 +- 2011/0xxx/CVE-2011-0936.json | 34 +- 2011/1xxx/CVE-2011-1258.json | 140 +- 2011/1xxx/CVE-2011-1337.json | 210 +-- 2011/1xxx/CVE-2011-1391.json | 150 +- 2011/1xxx/CVE-2011-1603.json | 160 +- 2011/1xxx/CVE-2011-1640.json | 120 +- 2011/1xxx/CVE-2011-1693.json | 34 +- 2011/5xxx/CVE-2011-5028.json | 180 +-- 2014/3xxx/CVE-2014-3162.json | 180 +-- 2014/3xxx/CVE-2014-3180.json | 34 +- 2014/3xxx/CVE-2014-3519.json | 170 +- 2014/3xxx/CVE-2014-3566.json | 2690 ++++++++++++++++---------------- 2014/3xxx/CVE-2014-3690.json | 330 ++-- 2014/3xxx/CVE-2014-3961.json | 180 +-- 2014/6xxx/CVE-2014-6169.json | 130 +- 2014/6xxx/CVE-2014-6474.json | 130 +- 2014/6xxx/CVE-2014-6793.json | 140 +- 2014/7xxx/CVE-2014-7048.json | 140 +- 2014/7xxx/CVE-2014-7534.json | 140 +- 2014/8xxx/CVE-2014-8690.json | 190 +-- 2014/8xxx/CVE-2014-8695.json | 34 +- 2014/8xxx/CVE-2014-8697.json | 34 +- 2016/2xxx/CVE-2016-2972.json | 176 +-- 2016/6xxx/CVE-2016-6788.json | 130 +- 2017/18xxx/CVE-2017-18093.json | 148 +- 2017/18xxx/CVE-2017-18110.json | 34 +- 2017/1xxx/CVE-2017-1855.json | 34 +- 2017/5xxx/CVE-2017-5515.json | 130 +- 2017/5xxx/CVE-2017-5770.json | 34 +- 2017/5xxx/CVE-2017-5805.json | 142 +- 2017/5xxx/CVE-2017-5991.json | 170 +- 56 files changed, 5339 insertions(+), 5339 deletions(-) diff --git a/2006/0xxx/CVE-2006-0089.json b/2006/0xxx/CVE-2006-0089.json index 4e4fd9db3d6..09d64770331 100644 --- a/2006/0xxx/CVE-2006-0089.json +++ b/2006/0xxx/CVE-2006-0089.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://users.pandora.be/bratax/advisories/b007.html", - "refsource" : "MISC", - "url" : "http://users.pandora.be/bratax/advisories/b007.html" - }, - { - "name" : "16136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16136" - }, - { - "name" : "ADV-2006-0032", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0032" - }, - { - "name" : "22208", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22208" - }, - { - "name" : "18294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18294" + }, + { + "name": "http://users.pandora.be/bratax/advisories/b007.html", + "refsource": "MISC", + "url": "http://users.pandora.be/bratax/advisories/b007.html" + }, + { + "name": "22208", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22208" + }, + { + "name": "16136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16136" + }, + { + "name": "ADV-2006-0032", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0032" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0199.json b/2006/0xxx/CVE-2006-0199.json index 2416bb73dde..1128b513e54 100644 --- a/2006/0xxx/CVE-2006-0199.json +++ b/2006/0xxx/CVE-2006-0199.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060113 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injectionvulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421727/100/0/threaded" - }, - { - "name" : "20060112 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0439.html" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=7", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=7" - }, - { - "name" : "ADV-2006-0173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0173" - }, - { - "name" : "22384", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22384" - }, - { - "name" : "18439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18439" - }, - { - "name" : "340", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/340" - }, - { - "name" : "mininuke-news-sql-injection(24098)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mininuke-news-sql-injection(24098)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24098" + }, + { + "name": "20060113 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injectionvulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421727/100/0/threaded" + }, + { + "name": "22384", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22384" + }, + { + "name": "18439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18439" + }, + { + "name": "http://www.nukedx.com/?viewdoc=7", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=7" + }, + { + "name": "ADV-2006-0173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0173" + }, + { + "name": "340", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/340" + }, + { + "name": "20060112 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0439.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0632.json b/2006/0xxx/CVE-2006-0632.json index f4ec383159d..006bf8e51bb 100644 --- a/2006/0xxx/CVE-2006-0632.json +++ b/2006/0xxx/CVE-2006-0632.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key (\"validation ID\") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060205 Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424074/100/0/threaded" - }, - { - "name" : "http://www.r-security.net/tutorials/view/readtutorial.php?id=4", - "refsource" : "MISC", - "url" : "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" - }, - { - "name" : "ADV-2006-0461", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0461" - }, - { - "name" : "22949", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22949" - }, - { - "name" : "18727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18727" - }, - { - "name" : "phpbb-weak-rnd(24573)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key (\"validation ID\") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060205 Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424074/100/0/threaded" + }, + { + "name": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4", + "refsource": "MISC", + "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" + }, + { + "name": "18727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18727" + }, + { + "name": "ADV-2006-0461", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0461" + }, + { + "name": "phpbb-weak-rnd(24573)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24573" + }, + { + "name": "22949", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22949" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3017.json b/2006/3xxx/CVE-2006-3017.json index d1ed074c90f..06776fb06a0 100644 --- a/2006/3xxx/CVE-2006-3017.json +++ b/2006/3xxx/CVE-2006-3017.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442437/100/0/threaded" - }, - { - "name" : "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447866/100/0/threaded" - }, - { - "name" : "20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html" - }, - { - "name" : "http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html" - }, - { - "name" : "http://www.php.net/release_5_1_3.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_5_1_3.php" - }, - { - "name" : "http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2", - "refsource" : "CONFIRM", - "url" : "http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2" - }, - { - "name" : "http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log", - "refsource" : "CONFIRM", - "url" : "http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-683", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-683" - }, - { - "name" : "DSA-1206", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1206" - }, - { - "name" : "MDKSA-2006:122", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" - }, - { - "name" : "RHSA-2006:0568", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0568.html" - }, - { - "name" : "RHSA-2006:0567", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0567.html" - }, - { - "name" : "RHSA-2006:0549", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0549.html" - }, - { - "name" : "20060701-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" - }, - { - "name" : "SUSE-SA:2006:031", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_31_php.html" - }, - { - "name" : "SUSE-SA:2006:034", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_34_php4.html" - }, - { - "name" : "TLSA-2006-38", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" - }, - { - "name" : "USN-320-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/320-1/" - }, - { - "name" : "17843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17843" - }, - { - "name" : "25255", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25255" - }, - { - "name" : "26466", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26466" - }, - { - "name" : "oval:org.mitre.oval:def:10118", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118" - }, - { - "name" : "1016306", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016306" - }, - { - "name" : "1016649", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016649" - }, - { - "name" : "19927", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19927" - }, - { - "name" : "21050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21050" - }, - { - "name" : "21031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21031" - }, - { - "name" : "21135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21135" - }, - { - "name" : "21202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21202" - }, - { - "name" : "21252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21252" - }, - { - "name" : "21723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21723" - }, - { - "name" : "22225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22225" - }, - { - "name" : "22713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22713" - }, - { - "name" : "21125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21125" - }, - { - "name" : "php-zendhashdel-unspecified(27396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21723" + }, + { + "name": "https://issues.rpath.com/browse/RPL-683", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-683" + }, + { + "name": "21252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21252" + }, + { + "name": "21202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21202" + }, + { + "name": "http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log", + "refsource": "CONFIRM", + "url": "http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log" + }, + { + "name": "TLSA-2006-38", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" + }, + { + "name": "http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2", + "refsource": "CONFIRM", + "url": "http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2" + }, + { + "name": "DSA-1206", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1206" + }, + { + "name": "21050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21050" + }, + { + "name": "SUSE-SA:2006:031", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_31_php.html" + }, + { + "name": "20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442437/100/0/threaded" + }, + { + "name": "26466", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26466" + }, + { + "name": "22713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22713" + }, + { + "name": "RHSA-2006:0568", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0568.html" + }, + { + "name": "21135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21135" + }, + { + "name": "http://www.php.net/release_5_1_3.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_5_1_3.php" + }, + { + "name": "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447866/100/0/threaded" + }, + { + "name": "1016649", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016649" + }, + { + "name": "RHSA-2006:0549", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html" + }, + { + "name": "22225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22225" + }, + { + "name": "MDKSA-2006:122", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" + }, + { + "name": "21125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21125" + }, + { + "name": "19927", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19927" + }, + { + "name": "25255", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25255" + }, + { + "name": "php-zendhashdel-unspecified(27396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27396" + }, + { + "name": "1016306", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016306" + }, + { + "name": "21031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21031" + }, + { + "name": "RHSA-2006:0567", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0567.html" + }, + { + "name": "20060701-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" + }, + { + "name": "oval:org.mitre.oval:def:10118", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118" + }, + { + "name": "http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm" + }, + { + "name": "USN-320-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/320-1/" + }, + { + "name": "20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html" + }, + { + "name": "SUSE-SA:2006:034", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_34_php4.html" + }, + { + "name": "17843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17843" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3044.json b/2006/3xxx/CVE-2006-3044.json index 4198915a0e8..a4c82b476d7 100644 --- a/2006/3xxx/CVE-2006-3044.json +++ b/2006/3xxx/CVE-2006-3044.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-2280", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2280" - }, - { - "name" : "26324", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26324" - }, - { - "name" : "1016268", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016268" - }, - { - "name" : "20578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20578" - }, - { - "name" : "logisphere-url-xss(27698)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "logisphere-url-xss(27698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27698" + }, + { + "name": "26324", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26324" + }, + { + "name": "1016268", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016268" + }, + { + "name": "ADV-2006-2280", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2280" + }, + { + "name": "20578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20578" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3179.json b/2006/3xxx/CVE-2006-3179.json index 8af64e1f339..f43eee12891 100644 --- a/2006/3xxx/CVE-2006-3179.json +++ b/2006/3xxx/CVE-2006-3179.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 Confixx <= 3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437550/100/0/threaded" - }, - { - "name" : "18523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18523" - }, - { - "name" : "ADV-2006-2429", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2429" - }, - { - "name" : "26628", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26628" - }, - { - "name" : "20728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20728" - }, - { - "name" : "1126", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1126" - }, - { - "name" : "confixx-multiple-xss(27222)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "confixx-multiple-xss(27222)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27222" + }, + { + "name": "20060614 Confixx <= 3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437550/100/0/threaded" + }, + { + "name": "1126", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1126" + }, + { + "name": "ADV-2006-2429", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2429" + }, + { + "name": "26628", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26628" + }, + { + "name": "18523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18523" + }, + { + "name": "20728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20728" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3487.json b/2006/3xxx/CVE-2006-3487.json index 3950256b035..f311f11c92d 100644 --- a/2006/3xxx/CVE-2006-3487.json +++ b/2006/3xxx/CVE-2006-3487.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1016421", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016421", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016421" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3862.json b/2006/3xxx/CVE-2006-3862.json index cc88516a87c..7e6c98c7b01 100644 --- a/2006/3xxx/CVE-2006-3862.json +++ b/2006/3xxx/CVE-2006-3862.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 Informix - Discovery, Attack and Defense", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded" - }, - { - "name" : "20060814 SQLIDEBUG envariable overflow on Informix", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443165/100/0/threaded" - }, - { - "name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", - "refsource" : "MISC", - "url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" - }, - { - "name" : "19264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19264" - }, - { - "name" : "ADV-2006-3077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3077" - }, - { - "name" : "27694", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27694" - }, - { - "name" : "21301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21301" - }, - { - "name" : "informix-sqlidebug-bo(28158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "informix-sqlidebug-bo(28158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28158" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" + }, + { + "name": "27694", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27694" + }, + { + "name": "20060814 Informix - Discovery, Attack and Defense", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded" + }, + { + "name": "20060814 SQLIDEBUG envariable overflow on Informix", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443165/100/0/threaded" + }, + { + "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", + "refsource": "MISC", + "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" + }, + { + "name": "21301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21301" + }, + { + "name": "19264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19264" + }, + { + "name": "ADV-2006-3077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3077" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4163.json b/2006/4xxx/CVE-2006-4163.json index aa28326665d..c13f03fa365 100644 --- a/2006/4xxx/CVE-2006-4163.json +++ b/2006/4xxx/CVE-2006-4163.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of 20060816 was inconclusive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060810 miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442966/100/0/threaded" - }, - { - "name" : "20060813 Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443160/100/0/threaded" - }, - { - "name" : "19476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of 20060816 was inconclusive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060813 Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443160/100/0/threaded" + }, + { + "name": "20060810 miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442966/100/0/threaded" + }, + { + "name": "19476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19476" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4295.json b/2006/4xxx/CVE-2006-4295.json index 3f6749dba3c..7780dc0473a 100644 --- a/2006/4xxx/CVE-2006-4295.json +++ b/2006/4xxx/CVE-2006-4295.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html" - }, - { - "name" : "19471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19471" - }, - { - "name" : "29147", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29147" - }, - { - "name" : "1016696", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html" + }, + { + "name": "19471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19471" + }, + { + "name": "29147", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29147" + }, + { + "name": "1016696", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016696" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4500.json b/2006/4xxx/CVE-2006-4500.json index 5b96ec30e0d..3c52c8e2529 100644 --- a/2006/4xxx/CVE-2006-4500.json +++ b/2006/4xxx/CVE-2006-4500.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 Ezportal/Ztml v1.0 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444743/100/0/threaded" - }, - { - "name" : "19759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19759" - }, - { - "name" : "1481", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1481" - }, - { - "name" : "ezportalztml-index-xss(28666)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060830 Ezportal/Ztml v1.0 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444743/100/0/threaded" + }, + { + "name": "1481", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1481" + }, + { + "name": "ezportalztml-index-xss(28666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28666" + }, + { + "name": "19759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19759" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4683.json b/2006/4xxx/CVE-2006-4683.json index 64cbf668497..298a3ceefe9 100644 --- a/2006/4xxx/CVE-2006-4683.json +++ b/2006/4xxx/CVE-2006-4683.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IC47088", - "refsource" : "AIXAPAR", - "url" : "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf" - }, - { - "name" : "19915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19915" - }, - { - "name" : "ADV-2006-3532", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3532" - }, - { - "name" : "21802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IC47088", + "refsource": "AIXAPAR", + "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf" + }, + { + "name": "ADV-2006-3532", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3532" + }, + { + "name": "21802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21802" + }, + { + "name": "19915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19915" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4858.json b/2006/4xxx/CVE-2006-4858.json index 525f1bb4951..360e5f00fe6 100644 --- a/2006/4xxx/CVE-2006-4858.json +++ b/2006/4xxx/CVE-2006-4858.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060914 Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446110/100/0/threaded" - }, - { - "name" : "2367", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2367" - }, - { - "name" : "20018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20018" - }, - { - "name" : "ADV-2006-3610", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3610" - }, - { - "name" : "21943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21943" - }, - { - "name" : "1598", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1598" - }, - { - "name" : "serverstat-install-file-include(28959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3610", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3610" + }, + { + "name": "20018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20018" + }, + { + "name": "1598", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1598" + }, + { + "name": "21943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21943" + }, + { + "name": "serverstat-install-file-include(28959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28959" + }, + { + "name": "20060914 Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446110/100/0/threaded" + }, + { + "name": "2367", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2367" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4922.json b/2006/4xxx/CVE-2006-4922.json index 1c253bca7f3..01f0abb117e 100644 --- a/2006/4xxx/CVE-2006-4922.json +++ b/2006/4xxx/CVE-2006-4922.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090915 Site@School 2.4.02 and below Multiple remote Command", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=115869368313367&w=2" - }, - { - "name" : "2374", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2374" - }, - { - "name" : "20053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20053" - }, - { - "name" : "1016887", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090915 Site@School 2.4.02 and below Multiple remote Command", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=115869368313367&w=2" + }, + { + "name": "2374", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2374" + }, + { + "name": "1016887", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016887" + }, + { + "name": "20053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20053" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7105.json b/2006/7xxx/CVE-2006-7105.json index 01ab9c11ba8..3d167eae06d 100644 --- a/2006/7xxx/CVE-2006-7105.json +++ b/2006/7xxx/CVE-2006-7105.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061014 Re: Vuln", - "refsource" : "FULLDISC", - "url" : "http://www.security-express.com/archives/fulldisclosure/2006-10/0299.html" - }, - { - "name" : "20061014 Vuln", - "refsource" : "FULLDISC", - "url" : "http://www.security-express.com/archives/fulldisclosure/2006-10/0292.html" - }, - { - "name" : "20557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20557" - }, - { - "name" : "smarty-smarty-file-include(29603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "smarty-smarty-file-include(29603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29603" + }, + { + "name": "20061014 Vuln", + "refsource": "FULLDISC", + "url": "http://www.security-express.com/archives/fulldisclosure/2006-10/0292.html" + }, + { + "name": "20557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20557" + }, + { + "name": "20061014 Re: Vuln", + "refsource": "FULLDISC", + "url": "http://www.security-express.com/archives/fulldisclosure/2006-10/0299.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7137.json b/2006/7xxx/CVE-2006-7137.json index 181572ca5da..b3de080c5a3 100644 --- a/2006/7xxx/CVE-2006-7137.json +++ b/2006/7xxx/CVE-2006-7137.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060805 Tinyportal Shoutbox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442308/100/0/threaded" - }, - { - "name" : "20070306 Re: Tinyportal Shoutbox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462018/100/0/threaded" - }, - { - "name" : "19357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19357" + }, + { + "name": "20070306 Re: Tinyportal Shoutbox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462018/100/0/threaded" + }, + { + "name": "20060805 Tinyportal Shoutbox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442308/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2017.json b/2010/2xxx/CVE-2010-2017.json index 0404c520915..91a63ece111 100644 --- a/2010/2xxx/CVE-2010-2017.json +++ b/2010/2xxx/CVE-2010-2017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/lokomediacms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/lokomediacms-xss.txt" - }, - { - "name" : "64748", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64748" - }, - { - "name" : "39863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39863" + }, + { + "name": "64748", + "refsource": "OSVDB", + "url": "http://osvdb.org/64748" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/lokomediacms-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/lokomediacms-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2697.json b/2010/2xxx/CVE-2010-2697.json index 44e5e0ac07a..8a71834797a 100644 --- a/2010/2xxx/CVE-2010-2697.json +++ b/2010/2xxx/CVE-2010-2697.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14260", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14260" - }, - { - "name" : "66154", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66154" - }, - { - "name" : "40492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40492" - }, - { - "name" : "ADV-2010-1766", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1766" - }, - { - "name" : "sijio-title-xss(60176)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14260", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14260" + }, + { + "name": "sijio-title-xss(60176)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60176" + }, + { + "name": "66154", + "refsource": "OSVDB", + "url": "http://osvdb.org/66154" + }, + { + "name": "ADV-2010-1766", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1766" + }, + { + "name": "40492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40492" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2989.json b/2010/2xxx/CVE-2010-2989.json index a07d6eac869..a0bffc09b8b 100644 --- a/2010/2xxx/CVE-2010-2989.json +++ b/2010/2xxx/CVE-2010-2989.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100726 Nessus Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512645/100/0/threaded" - }, - { - "name" : "https://discussions.nessus.org/message/7245#7245", - "refsource" : "CONFIRM", - "url" : "https://discussions.nessus.org/message/7245#7245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://discussions.nessus.org/message/7245#7245", + "refsource": "CONFIRM", + "url": "https://discussions.nessus.org/message/7245#7245" + }, + { + "name": "20100726 Nessus Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512645/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3209.json b/2010/3xxx/CVE-2010-3209.json index a38c389638c..836292e4e2e 100644 --- a/2010/3xxx/CVE-2010-3209.json +++ b/2010/3xxx/CVE-2010-3209.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14841", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14841" - }, - { - "name" : "http://packetstormsecurity.org/1008-exploits/seagull-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1008-exploits/seagull-rfi.txt" - }, - { - "name" : "seagull-multiple-file-include(61470)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1008-exploits/seagull-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1008-exploits/seagull-rfi.txt" + }, + { + "name": "seagull-multiple-file-include(61470)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61470" + }, + { + "name": "14841", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14841" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3955.json b/2010/3xxx/CVE-2010-3955.json index 6432921ad7a..794e6b92a80 100644 --- a/2010/3xxx/CVE-2010-3955.json +++ b/2010/3xxx/CVE-2010-3955.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka \"Array Indexing Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-103", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12277", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12277" - }, - { - "name" : "1024885", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka \"Array Indexing Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-103", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103" + }, + { + "name": "oval:org.mitre.oval:def:12277", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12277" + }, + { + "name": "1024885", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024885" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0140.json b/2011/0xxx/CVE-2011-0140.json index 0fb79e573b6..1a20b579f93 100644 --- a/2011/0xxx/CVE-2011-0140.json +++ b/2011/0xxx/CVE-2011-0140.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:17378", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:17378", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17378" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0196.json b/2011/0xxx/CVE-2011-0196.json index d92b84b9f51..156c0ce97f6 100644 --- a/2011/0xxx/CVE-2011-0196.json +++ b/2011/0xxx/CVE-2011-0196.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0813.json b/2011/0xxx/CVE-2011-0813.json index 31f718a54df..c2a1af6180b 100644 --- a/2011/0xxx/CVE-2011-0813.json +++ b/2011/0xxx/CVE-2011-0813.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0823.json b/2011/0xxx/CVE-2011-0823.json index a77a0d0002f..2e0fffc7684 100644 --- a/2011/0xxx/CVE-2011-0823.json +++ b/2011/0xxx/CVE-2011-0823.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2011-0819." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2011-0819." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0936.json b/2011/0xxx/CVE-2011-0936.json index 67e120e0a87..56dc481f557 100644 --- a/2011/0xxx/CVE-2011-0936.json +++ b/2011/0xxx/CVE-2011-0936.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0936", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0936", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1258.json b/2011/1xxx/CVE-2011-1258.json index edc3451bece..d8c31910173 100644 --- a/2011/1xxx/CVE-2011-1258.json +++ b/2011/1xxx/CVE-2011-1258.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka \"Drag and Drop Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx" - }, - { - "name" : "MS11-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" - }, - { - "name" : "oval:org.mitre.oval:def:12495", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka \"Drag and Drop Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12495", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495" + }, + { + "name": "http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx" + }, + { + "name": "MS11-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1337.json b/2011/1xxx/CVE-2011-1337.json index 83ed3984891..600fab453d7 100644 --- a/2011/1xxx/CVE-2011-1337.json +++ b/2011/1xxx/CVE-2011-1337.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1150/" - }, - { - "name" : "http://www.opera.com/support/kb/view/996/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/996/" - }, - { - "name" : "JVN#47757122", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN47757122/index.html" - }, - { - "name" : "JVNDB-2011-000049", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000049.html" - }, - { - "name" : "48501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48501" - }, - { - "name" : "73486", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/73486" - }, - { - "name" : "45060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45060" - }, - { - "name" : "opera-error-pages-dos(68323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48501" + }, + { + "name": "opera-error-pages-dos(68323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68323" + }, + { + "name": "45060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45060" + }, + { + "name": "73486", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/73486" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1150/" + }, + { + "name": "JVN#47757122", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN47757122/index.html" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1150/" + }, + { + "name": "JVNDB-2011-000049", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000049.html" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1150/" + }, + { + "name": "http://www.opera.com/support/kb/view/996/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/996/" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1391.json b/2011/1xxx/CVE-2011-1391.json index 38343c5de79..f32dd82b2d2 100644 --- a/2011/1xxx/CVE-2011-1391.json +++ b/2011/1xxx/CVE-2011-1391.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21576352", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21576352" - }, - { - "name" : "47286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47286" - }, - { - "name" : "47310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47310" - }, - { - "name" : "irr-bbf-code-execution(71803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "irr-bbf-code-execution(71803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71803" + }, + { + "name": "47286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47286" + }, + { + "name": "47310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47310" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1603.json b/2011/1xxx/CVE-2011-1603.json index 38649d91568..55758708509 100644 --- a/2011/1xxx/CVE-2011-1603.json +++ b/2011/1xxx/CVE-2011-1603.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110601 Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml" - }, - { - "name" : "48079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48079" - }, - { - "name" : "72718", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72718" - }, - { - "name" : "1025588", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025588" - }, - { - "name" : "44814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44814/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025588", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025588" + }, + { + "name": "44814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44814/" + }, + { + "name": "48079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48079" + }, + { + "name": "20110601 Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml" + }, + { + "name": "72718", + "refsource": "OSVDB", + "url": "http://osvdb.org/72718" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1640.json b/2011/1xxx/CVE-2011-1640.json index 97ff83f415e..6eb36a59e4a 100644 --- a/2011/1xxx/CVE-2011-1640.json +++ b/2011/1xxx/CVE-2011-1640.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXJ.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXJ.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXJ.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXJ.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1693.json b/2011/1xxx/CVE-2011-1693.json index a87562220d6..abf38c97893 100644 --- a/2011/1xxx/CVE-2011-1693.json +++ b/2011/1xxx/CVE-2011-1693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5028.json b/2011/5xxx/CVE-2011-5028.json index 011bd0ca194..b87bad5c15d 100644 --- a/2011/5xxx/CVE-2011-5028.json +++ b/2011/5xxx/CVE-2011-5028.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111218 Novell Sentinel Log Manager <=1.2.0.1 Path Traversal", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0368.html" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5138757.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5138757.html" - }, - { - "name" : "77948", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77948" - }, - { - "name" : "1026437", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026437" - }, - { - "name" : "47258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47258" - }, - { - "name" : "48760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48760" - }, - { - "name" : "novell-filedownload-dir-traversal(71861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026437", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026437" + }, + { + "name": "47258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47258" + }, + { + "name": "77948", + "refsource": "OSVDB", + "url": "http://osvdb.org/77948" + }, + { + "name": "20111218 Novell Sentinel Log Manager <=1.2.0.1 Path Traversal", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0368.html" + }, + { + "name": "novell-filedownload-dir-traversal(71861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71861" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5138757.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5138757.html" + }, + { + "name": "48760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48760" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3162.json b/2014/3xxx/CVE-2014-3162.json index 142191f8115..e00a72b6cb9 100644 --- a/2014/3xxx/CVE-2014-3162.json +++ b/2014/3xxx/CVE-2014-3162.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=393765", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=393765" - }, - { - "name" : "DSA-3039", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3039" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "68677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68677" - }, - { - "name" : "60372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60372" - }, - { - "name" : "60061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68677" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "60372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60372" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html" + }, + { + "name": "60061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60061" + }, + { + "name": "DSA-3039", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3039" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=393765", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=393765" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3180.json b/2014/3xxx/CVE-2014-3180.json index bbc7698814e..cb436b0c692 100644 --- a/2014/3xxx/CVE-2014-3180.json +++ b/2014/3xxx/CVE-2014-3180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3180", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3180", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3519.json b/2014/3xxx/CVE-2014-3519.json index 0af3708460c..de54d6ab4e0 100644 --- a/2014/3xxx/CVE-2014-3519.json +++ b/2014/3xxx/CVE-2014-3519.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140624 OpenVZ simfs container filesystem breakout", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/24/16" - }, - { - "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-", - "refsource" : "CONFIRM", - "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-" - }, - { - "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update", - "refsource" : "CONFIRM", - "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update" - }, - { - "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update", - "refsource" : "CONFIRM", - "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update" - }, - { - "name" : "https://openvz.org/Download/kernel/rhel6/042stab090.5", - "refsource" : "CONFIRM", - "url" : "https://openvz.org/Download/kernel/rhel6/042stab090.5" - }, - { - "name" : "68171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68171" + }, + { + "name": "https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update", + "refsource": "CONFIRM", + "url": "https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update" + }, + { + "name": "[oss-security] 20140624 OpenVZ simfs container filesystem breakout", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/24/16" + }, + { + "name": "https://openvz.org/Download/kernel/rhel6/042stab090.5", + "refsource": "CONFIRM", + "url": "https://openvz.org/Download/kernel/rhel6/042stab090.5" + }, + { + "name": "https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-", + "refsource": "CONFIRM", + "url": "https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-" + }, + { + "name": "https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update", + "refsource": "CONFIRM", + "url": "https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3566.json b/2014/3xxx/CVE-2014-3566.json index c8f223102ca..18b04e7936c 100644 --- a/2014/3xxx/CVE-2014-3566.json +++ b/2014/3xxx/CVE-2014-3566.json @@ -1,1347 +1,1347 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 (\"POODLE\")", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=openssl-dev&m=141333049205629&w=2" - }, - { - "name" : "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html", - "refsource" : "MISC", - "url" : "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html" - }, - { - "name" : "https://www.openssl.org/~bodo/ssl-poodle.pdf", - "refsource" : "MISC", - "url" : "https://www.openssl.org/~bodo/ssl-poodle.pdf" - }, - { - "name" : "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566", - "refsource" : "MISC", - "url" : "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566" - }, - { - "name" : "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html", - "refsource" : "MISC", - "url" : "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html" - }, - { - "name" : "https://github.com/mpgn/poodle-PoC", - "refsource" : "MISC", - "url" : "https://github.com/mpgn/poodle-PoC" - }, - { - "name" : "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html", - "refsource" : "MISC", - "url" : "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html" - }, - { - "name" : "https://www.imperialviolet.org/2014/10/14/poodle.html", - "refsource" : "MISC", - "url" : "https://www.imperialviolet.org/2014/10/14/poodle.html" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx" - }, - { - "name" : "https://technet.microsoft.com/library/security/3009008.aspx", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/3009008.aspx" - }, - { - "name" : "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html", - "refsource" : "CONFIRM", - "url" : "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html" - }, - { - "name" : "https://access.redhat.com/articles/1232123", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/articles/1232123" - }, - { - "name" : "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/", - "refsource" : "CONFIRM", - "url" : "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1152789", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" - }, - { - "name" : "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip", - "refsource" : "CONFIRM", - "url" : "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip" - }, - { - "name" : "https://www.suse.com/support/kb/doc.php?id=7015773", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/support/kb/doc.php?id=7015773" - }, - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "https://support.apple.com/kb/HT6536", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6536" - }, - { - "name" : "https://support.apple.com/kb/HT6541", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6541" - }, - { - "name" : "https://support.apple.com/kb/HT6542", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6542" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687172", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687172" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa83", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa83" - }, - { - "name" : "https://support.apple.com/kb/HT6527", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6527" - }, - { - "name" : "https://support.apple.com/kb/HT6529", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6529" - }, - { - "name" : "https://support.apple.com/kb/HT6531", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6531" - }, - { - "name" : "https://www.openssl.org/news/secadv_20141015.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20141015.txt" - }, - { - "name" : "http://support.citrix.com/article/CTX200238", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX200238" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687611", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687611" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0416.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0416.html" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" - }, - { - "name" : "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/", - "refsource" : "CONFIRM", - "url" : "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" - }, - { - "name" : "https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2014-011.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2014-011.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" - }, - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21688165", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21688165" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "https://www.elastic.co/blog/logstash-1-4-3-released", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/blog/logstash-1-4-3-released" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "https://support.apple.com/HT205217", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205217" - }, - { - "name" : "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf", - "refsource" : "CONFIRM", - "url" : "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "https://support.lenovo.com/product_security/poodle", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/product_security/poodle" - }, - { - "name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm", - "refsource" : "CONFIRM", - "url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/poodle", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/poodle" - }, - { - "name" : "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "refsource" : "CONFIRM", - "url" : "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10090", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10090" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10091", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10091" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10104", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10104" - }, - { - "name" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", - "refsource" : "CONFIRM", - "url" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20141015-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20141015-0001/" - }, - { - "name" : "https://support.citrix.com/article/CTX216642", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX216642" - }, - { - "name" : "https://puppet.com/security/cve/poodle-sslv3-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/poodle-sslv3-vulnerability" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "APPLE-SA-2014-10-16-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" - }, - { - "name" : "APPLE-SA-2014-10-20-1", - "refsource" : "APPLE", - "url" : "http://www.securityfocus.com/archive/1/533747" - }, - { - "name" : "APPLE-SA-2014-10-20-2", - "refsource" : "APPLE", - "url" : "http://www.securityfocus.com/archive/1/533746" - }, - { - "name" : "APPLE-SA-2014-10-16-4", - "refsource" : "APPLE", - "url" : "http://www.securityfocus.com/archive/1/533724/100/0/threaded" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-09-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" - }, - { - "name" : "20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle" - }, - { - "name" : "DSA-3053", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3053" - }, - { - "name" : "DSA-3144", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3144" - }, - { - "name" : "DSA-3147", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3147" - }, - { - "name" : "DSA-3253", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3253" - }, - { - "name" : "DSA-3489", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3489" - }, - { - "name" : "FEDORA-2014-12951", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html" - }, - { - "name" : "FEDORA-2014-13012", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html" - }, - { - "name" : "FEDORA-2014-13069", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html" - }, - { - "name" : "FEDORA-2015-9090", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html" - }, - { - "name" : "FEDORA-2015-9110", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html" - }, - { - "name" : "GLSA-201606-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-11" - }, - { - "name" : "GLSA-201507-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-14" - }, - { - "name" : "HPSBHF03156", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141450973807288&w=2" - }, - { - "name" : "HPSBMU03152", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141450452204552&w=2" - }, - { - "name" : "HPSBUX03162", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141477196830952&w=2" - }, - { - "name" : "SSRT101767", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141477196830952&w=2" - }, - { - "name" : "HPSBGN03201", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141697638231025&w=2" - }, - { - "name" : "HPSBGN03202", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141703183219781&w=2" - }, - { - "name" : "HPSBGN03203", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141697676231104&w=2" - }, - { - "name" : "HPSBGN03209", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141715130023061&w=2" - }, - { - "name" : "HPSBMU03214", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141694355519663&w=2" - }, - { - "name" : "HPSBGN03205", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775427104070&w=2" - }, - { - "name" : "HPSBST03265", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142546741516006&w=2" - }, - { - "name" : "HPSBGN03222", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141813976718456&w=2" - }, - { - "name" : "HPSBGN03237", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142296755107581&w=2" - }, - { - "name" : "HPSBGN03251", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142354438527235&w=2" - }, - { - "name" : "HPSBUX03273", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "SSRT101838", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141814011518700&w=2" - }, - { - "name" : "SSRT101854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142296755107581&w=2" - }, - { - "name" : "SSRT101899", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142354438527235&w=2" - }, - { - "name" : "SSRT101951", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "HPSBGN03208", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141814011518700&w=2" - }, - { - "name" : "HPSBGN03252", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142350743917559&w=2" - }, - { - "name" : "HPSBGN03253", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142350196615714&w=2" - }, - { - "name" : "HPSBGN03254", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142350298616097&w=2" - }, - { - "name" : "HPSBGN03255", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142357976805598&w=2" - }, - { - "name" : "HPSBMU03221", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879378918327&w=2" - }, - { - "name" : "HPSBMU03260", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2" - }, - { - "name" : "HPSBOV03227", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142103967620673&w=2" - }, - { - "name" : "SSRT101779", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142103967620673&w=2" - }, - { - "name" : "SSRT101849", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879378918327&w=2" - }, - { - "name" : "SSRT101894", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2" - }, - { - "name" : "SSRT101896", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142350743917559&w=2" - }, - { - "name" : "SSRT101897", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142350196615714&w=2" - }, - { - "name" : "SSRT101898", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142350298616097&w=2" - }, - { - "name" : "SSRT101928", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142357976805598&w=2" - }, - { - "name" : "HPSBGN03233", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101739", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101868", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "HPSBUX03281", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" - }, - { - "name" : "SSRT101968", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2" - }, - { - "name" : "HPSBMU03259", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624619906067&w=2" - }, - { - "name" : "HPSBMU03262", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624719706349&w=2" - }, - { - "name" : "HPSBMU03267", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624590206005&w=2" - }, - { - "name" : "HPSBMU03283", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624679706236&w=2" - }, - { - "name" : "SSRT101916", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624679706236&w=2" - }, - { - "name" : "SSRT101921", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624719706349&w=2" - }, - { - "name" : "SSRT101922", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624619906067" - }, - { - "name" : "HPSBHF03293", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "SSRT101846", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "HPSBMU03301", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721830231196&w=2" - }, - { - "name" : "SSRT101998", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721830231196&w=2" - }, - { - "name" : "HPSBHF03275", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721887231400&w=2" - }, - { - "name" : "SSRT101790", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721887231400&w=2" - }, - { - "name" : "HPSBMU03294", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142740155824959&w=2" - }, - { - "name" : "SSRT101795", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142740155824959&w=2" - }, - { - "name" : "HPSBMU03304", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142791032306609&w=2" - }, - { - "name" : "HPSBHF03300", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142804214608580&w=2" - }, - { - "name" : "HPSBST03195", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142805027510172&w=2" - }, - { - "name" : "HPSBMU03241", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143039249603103&w=2" - }, - { - "name" : "SSRT101892", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143039249603103&w=2" - }, - { - "name" : "HPSBUX03194", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143101048219218&w=2" - }, - { - "name" : "SSRT101834", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143101048219218&w=2" - }, - { - "name" : "HPSBGN03569", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=145983526810210&w=2" - }, - { - "name" : "HPSBGN03164", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577350823734&w=2" - }, - { - "name" : "HPSBGN03191", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141576815022399&w=2" - }, - { - "name" : "HPSBGN03192", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141620103726640&w=2" - }, - { - "name" : "HPSBGN03305", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142962817202793&w=2" - }, - { - "name" : "HPSBGN03332", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290371927178&w=2" - }, - { - "name" : "HPSBGN03391", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144294141001552&w=2" - }, - { - "name" : "HPSBMU03183", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141628688425177&w=2" - }, - { - "name" : "HPSBMU03184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577087123040&w=2" - }, - { - "name" : "HPSBMU03223", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290583027876&w=2" - }, - { - "name" : "HPSBMU03234", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143628269912142&w=2" - }, - { - "name" : "HPSBMU03261", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290522027658&w=2" - }, - { - "name" : "HPSBMU03263", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290437727362&w=2" - }, - { - "name" : "HPSBMU03416", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144101915224472&w=2" - }, - { - "name" : "HPSBPI03107", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143558137709884&w=2" - }, - { - "name" : "HPSBPI03360", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143558192010071&w=2" - }, - { - "name" : "HPSBST03418", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144251162130364&w=2" - }, - { - "name" : "MDVSA-2014:203", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203" - }, - { - "name" : "MDVSA-2015:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" - }, - { - "name" : "NetBSD-SA2014-015", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" - }, - { - "name" : "RHSA-2014:1652", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1652.html" - }, - { - "name" : "RHSA-2014:1692", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1692.html" - }, - { - "name" : "RHSA-2014:1653", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1653.html" - }, - { - "name" : "RHSA-2014:1920", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1920.html" - }, - { - "name" : "RHSA-2014:1876", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1876.html" - }, - { - "name" : "RHSA-2014:1877", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1877.html" - }, - { - "name" : "RHSA-2014:1880", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1880.html" - }, - { - "name" : "RHSA-2014:1881", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1881.html" - }, - { - "name" : "RHSA-2014:1882", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1882.html" - }, - { - "name" : "RHSA-2014:1948", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1948.html" - }, - { - "name" : "RHSA-2015:0068", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0068.html" - }, - { - "name" : "RHSA-2015:0079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0079.html" - }, - { - "name" : "RHSA-2015:0080", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0080.html" - }, - { - "name" : "RHSA-2015:0085", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0085.html" - }, - { - "name" : "RHSA-2015:0086", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0086.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "RHSA-2015:0698", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0698.html" - }, - { - "name" : "RHSA-2015:1545", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1545.html" - }, - { - "name" : "RHSA-2015:1546", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1546.html" - }, - { - "name" : "openSUSE-SU-2014:1331", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" - }, - { - "name" : "SUSE-SU-2014:1357", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" - }, - { - "name" : "SUSE-SU-2014:1361", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" - }, - { - "name" : "SUSE-SU-2014:1526", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:1549", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0336", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" - }, - { - "name" : "SUSE-SU-2015:0376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "openSUSE-SU-2015:0190", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:0503", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:0578", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" - }, - { - "name" : "SUSE-SU-2016:1457", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" - }, - { - "name" : "SUSE-SU-2016:1459", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:0640", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" - }, - { - "name" : "USN-2486-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2486-1" - }, - { - "name" : "USN-2487-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2487-1" - }, - { - "name" : "TA14-290A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA14-290A" - }, - { - "name" : "VU#577193", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/577193" - }, - { - "name" : "70574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70574" - }, - { - "name" : "1031029", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031029" - }, - { - "name" : "1031085", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031085" - }, - { - "name" : "1031086", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031086" - }, - { - "name" : "1031087", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031087" - }, - { - "name" : "1031088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031088" - }, - { - "name" : "1031089", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031089" - }, - { - "name" : "1031090", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031090" - }, - { - "name" : "1031091", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031091" - }, - { - "name" : "1031092", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031092" - }, - { - "name" : "1031093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031093" - }, - { - "name" : "1031094", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031094" - }, - { - "name" : "1031095", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031095" - }, - { - "name" : "1031096", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031096" - }, - { - "name" : "1031039", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031039" - }, - { - "name" : "1031105", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031105" - }, - { - "name" : "1031106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031106" - }, - { - "name" : "1031107", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031107" - }, - { - "name" : "1031123", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031123" - }, - { - "name" : "1031120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031120" - }, - { - "name" : "1031124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031124" - }, - { - "name" : "1031130", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031130" - }, - { - "name" : "1031131", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031131" - }, - { - "name" : "1031132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031132" - }, - { - "name" : "61825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61825" - }, - { - "name" : "61827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61827" - }, - { - "name" : "60056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60056" - }, - { - "name" : "60792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60792" - }, - { - "name" : "61019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61019" - }, - { - "name" : "61303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61303" - }, - { - "name" : "61345", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61345" - }, - { - "name" : "61359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61359" - }, - { - "name" : "61782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61782" - }, - { - "name" : "61810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61810" - }, - { - "name" : "60206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60206" - }, - { - "name" : "60859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60859" - }, - { - "name" : "61130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61130" - }, - { - "name" : "61316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61316" - }, - { - "name" : "61819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61819" - }, - { - "name" : "59627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59627" - }, - { - "name" : "61926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61926" - }, - { - "name" : "61995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBOV03227", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" + }, + { + "name": "1031090", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031090" + }, + { + "name": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/", + "refsource": "CONFIRM", + "url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/" + }, + { + "name": "RHSA-2014:1880", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html" + }, + { + "name": "HPSBHF03300", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142804214608580&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635" + }, + { + "name": "VU#577193", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/577193" + }, + { + "name": "HPSBMU03184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577087123040&w=2" + }, + { + "name": "HPSBGN03209", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141715130023061&w=2" + }, + { + "name": "openSUSE-SU-2014:1331", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" + }, + { + "name": "https://support.apple.com/kb/HT6542", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6542" + }, + { + "name": "1031106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031106" + }, + { + "name": "HPSBGN03201", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141697638231025&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 (\"POODLE\")", + "refsource": "MLIST", + "url": "http://marc.info/?l=openssl-dev&m=141333049205629&w=2" + }, + { + "name": "SSRT101898", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142350298616097&w=2" + }, + { + "name": "SSRT101896", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142350743917559&w=2" + }, + { + "name": "60056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60056" + }, + { + "name": "RHSA-2014:1877", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html" + }, + { + "name": "HPSBUX03162", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141477196830952&w=2" + }, + { + "name": "61130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61130" + }, + { + "name": "RHSA-2015:1546", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html" + }, + { + "name": "SUSE-SU-2015:0503", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" + }, + { + "name": "https://support.apple.com/kb/HT6529", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6529" + }, + { + "name": "https://www.openssl.org/news/secadv_20141015.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20141015.txt" + }, + { + "name": "APPLE-SA-2014-10-16-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" + }, + { + "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" + }, + { + "name": "RHSA-2014:1920", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html" + }, + { + "name": "1031087", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031087" + }, + { + "name": "HPSBMU03234", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143628269912142&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa83", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa83" + }, + { + "name": "SSRT101849", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879378918327&w=2" + }, + { + "name": "http://support.citrix.com/article/CTX200238", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX200238" + }, + { + "name": "61359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61359" + }, + { + "name": "https://support.apple.com/kb/HT6541", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6541" + }, + { + "name": "1031093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031093" + }, + { + "name": "1031132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031132" + }, + { + "name": "DSA-3144", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3144" + }, + { + "name": "SSRT101790", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721887231400&w=2" + }, + { + "name": "DSA-3253", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3253" + }, + { + "name": "SSRT101846", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "refsource": "CONFIRM", + "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034" + }, + { + "name": "https://www.suse.com/support/kb/doc.php?id=7015773", + "refsource": "CONFIRM", + "url": "https://www.suse.com/support/kb/doc.php?id=7015773" + }, + { + "name": "APPLE-SA-2014-10-16-4", + "refsource": "APPLE", + "url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded" + }, + { + "name": "https://www.elastic.co/blog/logstash-1-4-3-released", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/blog/logstash-1-4-3-released" + }, + { + "name": "SSRT101854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142296755107581&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html", + "refsource": "MISC", + "url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" + }, + { + "name": "HPSBST03195", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142805027510172&w=2" + }, + { + "name": "61827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61827" + }, + { + "name": "HPSBMU03152", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141450452204552&w=2" + }, + { + "name": "RHSA-2015:0079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" + }, + { + "name": "HPSBMU03304", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2" + }, + { + "name": "https://technet.microsoft.com/library/security/3009008.aspx", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/3009008.aspx" + }, + { + "name": "RHSA-2015:1545", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165" + }, + { + "name": "HPSBMU03259", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624619906067&w=2" + }, + { + "name": "1031094", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031094" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" + }, + { + "name": "61316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61316" + }, + { + "name": "GLSA-201606-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-11" + }, + { + "name": "RHSA-2014:1881", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html" + }, + { + "name": "https://www.imperialviolet.org/2014/10/14/poodle.html", + "refsource": "MISC", + "url": "https://www.imperialviolet.org/2014/10/14/poodle.html" + }, + { + "name": "1031096", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031096" + }, + { + "name": "HPSBHF03275", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721887231400&w=2" + }, + { + "name": "61810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61810" + }, + { + "name": "HPSBHF03293", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "DSA-3053", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3053" + }, + { + "name": "HPSBGN03237", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142296755107581&w=2" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/poodle", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/poodle" + }, + { + "name": "1031107", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031107" + }, + { + "name": "1031095", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031095" + }, + { + "name": "HPSBMU03223", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290583027876&w=2" + }, + { + "name": "SUSE-SU-2014:1549", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" + }, + { + "name": "HPSBGN03305", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142962817202793&w=2" + }, + { + "name": "HPSBUX03194", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143101048219218&w=2" + }, + { + "name": "SSRT101868", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "1031091", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031091" + }, + { + "name": "HPSBMU03260", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" + }, + { + "name": "1031123", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031123" + }, + { + "name": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566", + "refsource": "MISC", + "url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566" + }, + { + "name": "https://support.apple.com/HT205217", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205217" + }, + { + "name": "1031092", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031092" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "SUSE-SU-2015:0376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" + }, + { + "name": "61926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61926" + }, + { + "name": "RHSA-2014:1876", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html" + }, + { + "name": "SSRT101779", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2" + }, + { + "name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html", + "refsource": "CONFIRM", + "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html" + }, + { + "name": "HPSBHF03156", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141450973807288&w=2" + }, + { + "name": "openSUSE-SU-2016:0640", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" + }, + { + "name": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf", + "refsource": "CONFIRM", + "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "SSRT101838", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141814011518700&w=2" + }, + { + "name": "HPSBGN03569", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=145983526810210&w=2" + }, + { + "name": "APPLE-SA-2015-09-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983" + }, + { + "name": "https://support.apple.com/kb/HT6531", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6531" + }, + { + "name": "SUSE-SU-2014:1357", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" + }, + { + "name": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip", + "refsource": "CONFIRM", + "url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10091", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10091" + }, + { + "name": "https://support.apple.com/kb/HT6527", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6527" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "SSRT101897", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142350196615714&w=2" + }, + { + "name": "HPSBGN03203", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141697676231104&w=2" + }, + { + "name": "60206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60206" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" + }, + { + "name": "60792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60792" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "DSA-3489", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3489" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20141015-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20141015-0001/" + }, + { + "name": "1031105", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031105" + }, + { + "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", + "refsource": "CONFIRM", + "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" + }, + { + "name": "FEDORA-2014-13069", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html" + }, + { + "name": "1031131", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031131" + }, + { + "name": "HPSBMU03221", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879378918327&w=2" + }, + { + "name": "USN-2487-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2487-1" + }, + { + "name": "SSRT101795", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142740155824959&w=2" + }, + { + "name": "HPSBGN03222", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141813976718456&w=2" + }, + { + "name": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html", + "refsource": "MISC", + "url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html" + }, + { + "name": "1031130", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031130" + }, + { + "name": "HPSBMU03301", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721830231196&w=2" + }, + { + "name": "HPSBGN03164", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577350823734&w=2" + }, + { + "name": "RHSA-2014:1948", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html" + }, + { + "name": "NetBSD-SA2014-015", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" + }, + { + "name": "HPSBGN03192", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141620103726640&w=2" + }, + { + "name": "RHSA-2014:1653", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "HPSBMU03416", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144101915224472&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx" + }, + { + "name": "HPSBMU03283", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624679706236&w=2" + }, + { + "name": "RHSA-2015:0085", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "https://support.apple.com/kb/HT6536", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6536" + }, + { + "name": "FEDORA-2014-12951", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html" + }, + { + "name": "HPSBGN03191", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2" + }, + { + "name": "https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU" + }, + { + "name": "SSRT101767", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141477196830952&w=2" + }, + { + "name": "SUSE-SU-2014:1526", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" + }, + { + "name": "HPSBGN03332", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290371927178&w=2" + }, + { + "name": "RHSA-2014:1652", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + }, + { + "name": "SUSE-SU-2015:0345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" + }, + { + "name": "HPSBST03265", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142546741516006&w=2" + }, + { + "name": "RHSA-2015:0086", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html" + }, + { + "name": "HPSBMU03241", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143039249603103&w=2" + }, + { + "name": "1031124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031124" + }, + { + "name": "SUSE-SU-2015:0578", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" + }, + { + "name": "SUSE-SU-2015:0336", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" + }, + { + "name": "RHSA-2015:0080", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html" + }, + { + "name": "HPSBMU03294", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142740155824959&w=2" + }, + { + "name": "RHSA-2014:1882", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html" + }, + { + "name": "RHSA-2015:0068", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html" + }, + { + "name": "HPSBGN03251", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142354438527235&w=2" + }, + { + "name": "USN-2486-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2486-1" + }, + { + "name": "HPSBGN03391", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144294141001552&w=2" + }, + { + "name": "59627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59627" + }, + { + "name": "HPSBGN03208", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141814011518700&w=2" + }, + { + "name": "SSRT101894", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" + }, + { + "name": "HPSBMU03214", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141694355519663&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "HPSBMU03263", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2" + }, + { + "name": "HPSBGN03254", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142350298616097&w=2" + }, + { + "name": "https://support.lenovo.com/product_security/poodle", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/product_security/poodle" + }, + { + "name": "20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle" + }, + { + "name": "HPSBGN03205", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775427104070&w=2" + }, + { + "name": "RHSA-2015:0698", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "SUSE-SU-2014:1361", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2014-011.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html" + }, + { + "name": "60859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60859" + }, + { + "name": "APPLE-SA-2014-10-20-2", + "refsource": "APPLE", + "url": "http://www.securityfocus.com/archive/1/533746" + }, + { + "name": "GLSA-201507-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-14" + }, + { + "name": "SSRT101921", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624719706349&w=2" + }, + { + "name": "SSRT101951", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm", + "refsource": "CONFIRM", + "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm" + }, + { + "name": "61345", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61345" + }, + { + "name": "SSRT101834", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143101048219218&w=2" + }, + { + "name": "61019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61019" + }, + { + "name": "70574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70574" + }, + { + "name": "1031120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031120" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "61825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61825" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0416.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0416.html" + }, + { + "name": "1031029", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031029" + }, + { + "name": "HPSBUX03281", + "refsource": "HP", + "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" + }, + { + "name": "HPSBMU03262", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624719706349&w=2" + }, + { + "name": "HPSBMU03267", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2" + }, + { + "name": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/", + "refsource": "CONFIRM", + "url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681" + }, + { + "name": "HPSBMU03261", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2" + }, + { + "name": "SUSE-SU-2016:1459", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10104", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10104" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "61782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61782" + }, + { + "name": "https://access.redhat.com/articles/1232123", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/articles/1232123" + }, + { + "name": "MDVSA-2015:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" + }, + { + "name": "FEDORA-2015-9110", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html" + }, + { + "name": "1031085", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031085" + }, + { + "name": "HPSBST03418", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144251162130364&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "SSRT101892", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143039249603103&w=2" + }, + { + "name": "APPLE-SA-2014-10-20-1", + "refsource": "APPLE", + "url": "http://www.securityfocus.com/archive/1/533747" + }, + { + "name": "HPSBGN03233", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "SSRT101916", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624679706236&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611" + }, + { + "name": "https://github.com/mpgn/poodle-PoC", + "refsource": "MISC", + "url": "https://github.com/mpgn/poodle-PoC" + }, + { + "name": "MDVSA-2014:203", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203" + }, + { + "name": "SSRT101739", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "SSRT101968", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2" + }, + { + "name": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html", + "refsource": "MISC", + "url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html" + }, + { + "name": "https://support.citrix.com/article/CTX216642", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX216642" + }, + { + "name": "SSRT101899", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142354438527235&w=2" + }, + { + "name": "https://puppet.com/security/cve/poodle-sslv3-vulnerability", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability" + }, + { + "name": "openSUSE-SU-2015:0190", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + }, + { + "name": "61303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61303" + }, + { + "name": "HPSBGN03252", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142350743917559&w=2" + }, + { + "name": "HPSBUX03273", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" + }, + { + "name": "1031039", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031039" + }, + { + "name": "SUSE-SU-2016:1457", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172" + }, + { + "name": "SSRT101998", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721830231196&w=2" + }, + { + "name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + }, + { + "name": "SSRT101922", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624619906067" + }, + { + "name": "1031089", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031089" + }, + { + "name": "HPSBGN03253", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142350196615714&w=2" + }, + { + "name": "HPSBMU03183", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141628688425177&w=2" + }, + { + "name": "TA14-290A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA14-290A" + }, + { + "name": "FEDORA-2014-13012", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html" + }, + { + "name": "61819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61819" + }, + { + "name": "HPSBGN03255", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142357976805598&w=2" + }, + { + "name": "1031088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031088" + }, + { + "name": "DSA-3147", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3147" + }, + { + "name": "61995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61995" + }, + { + "name": "HPSBGN03202", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141703183219781&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10090", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10090" + }, + { + "name": "SSRT101928", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142357976805598&w=2" + }, + { + "name": "1031086", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031086" + }, + { + "name": "HPSBPI03360", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143558192010071&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "RHSA-2014:1692", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html" + }, + { + "name": "FEDORA-2015-9090", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html" + }, + { + "name": "https://www.openssl.org/~bodo/ssl-poodle.pdf", + "refsource": "MISC", + "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439" + }, + { + "name": "HPSBPI03107", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143558137709884&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3690.json b/2014/3xxx/CVE-2014-3690.json index 97a7fd2331d..b4544a1ee0c 100644 --- a/2014/3xxx/CVE-2014-3690.json +++ b/2014/3xxx/CVE-2014-3690.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141021 CVE-2014-3690: KVM DoS triggerable by malicious host userspace", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/21/4" - }, - { - "name" : "[oss-security] 20141029 Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/29/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d974baa398f34393db76be45f7d4d04fbdbb4a0a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d974baa398f34393db76be45f7d4d04fbdbb4a0a" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1153322", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1153322" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a" - }, - { - "name" : "DSA-3060", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3060" - }, - { - "name" : "MDVSA-2015:058", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058" - }, - { - "name" : "RHSA-2015:0290", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0290.html" - }, - { - "name" : "RHSA-2015:0782", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0782.html" - }, - { - "name" : "RHSA-2015:0864", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0864.html" - }, - { - "name" : "SUSE-SU-2015:0178", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:0736", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" - }, - { - "name" : "USN-2419-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2419-1" - }, - { - "name" : "USN-2420-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2420-1" - }, - { - "name" : "USN-2421-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2421-1" - }, - { - "name" : "USN-2417-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2417-1" - }, - { - "name" : "USN-2418-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2418-1" - }, - { - "name" : "70691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70691" - }, - { - "name" : "60174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141029 Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/29/7" + }, + { + "name": "SUSE-SU-2015:0736", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" + }, + { + "name": "USN-2418-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2418-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2" + }, + { + "name": "USN-2417-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2417-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d974baa398f34393db76be45f7d4d04fbdbb4a0a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d974baa398f34393db76be45f7d4d04fbdbb4a0a" + }, + { + "name": "SUSE-SU-2015:0178", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html" + }, + { + "name": "USN-2419-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2419-1" + }, + { + "name": "DSA-3060", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3060" + }, + { + "name": "70691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70691" + }, + { + "name": "RHSA-2015:0864", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html" + }, + { + "name": "RHSA-2015:0290", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "MDVSA-2015:058", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a" + }, + { + "name": "RHSA-2015:0782", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html" + }, + { + "name": "60174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60174" + }, + { + "name": "USN-2421-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2421-1" + }, + { + "name": "USN-2420-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2420-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1153322", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1153322" + }, + { + "name": "[oss-security] 20141021 CVE-2014-3690: KVM DoS triggerable by malicious host userspace", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/21/4" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3961.json b/2014/3xxx/CVE-2014-3961.json index 5cdd4240d45..899bc4d27e7 100644 --- a/2014/3xxx/CVE-2014-3961.json +++ b/2014/3xxx/CVE-2014-3961.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an \"output CSV\" action to pdb-signup/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33613", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33613" - }, - { - "name" : "20140601 Yarubo #1: Arbitrary SQL Execution in Participants Database\tfor Wordpress", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/0" - }, - { - "name" : "http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html" - }, - { - "name" : "https://www.yarubo.com/advisories/1", - "refsource" : "MISC", - "url" : "https://www.yarubo.com/advisories/1" - }, - { - "name" : "https://wordpress.org/plugins/participants-database/changelog", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/participants-database/changelog" - }, - { - "name" : "67769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67769" - }, - { - "name" : "107626", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/107626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an \"output CSV\" action to pdb-signup/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html" + }, + { + "name": "https://www.yarubo.com/advisories/1", + "refsource": "MISC", + "url": "https://www.yarubo.com/advisories/1" + }, + { + "name": "33613", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33613" + }, + { + "name": "https://wordpress.org/plugins/participants-database/changelog", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/participants-database/changelog" + }, + { + "name": "20140601 Yarubo #1: Arbitrary SQL Execution in Participants Database\tfor Wordpress", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/0" + }, + { + "name": "107626", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/107626" + }, + { + "name": "67769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67769" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6169.json b/2014/6xxx/CVE-2014-6169.json index 48e2facb346..8ed6d0c4e89 100644 --- a/2014/6xxx/CVE-2014-6169.json +++ b/2014/6xxx/CVE-2014-6169.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "103761", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103761" - }, - { - "name" : "ibm-forms-cve20146169-xss(97777)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-forms-cve20146169-xss(97777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97777" + }, + { + "name": "103761", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103761" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6474.json b/2014/6xxx/CVE-2014-6474.json index 2fa71f54b18..d8692fe1815 100644 --- a/2014/6xxx/CVE-2014-6474.json +++ b/2014/6xxx/CVE-2014-6474.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6793.json b/2014/6xxx/CVE-2014-6793.json index c0290d17788..15f2f358f6e 100644 --- a/2014/6xxx/CVE-2014-6793.json +++ b/2014/6xxx/CVE-2014-6793.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#778649", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/778649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#778649", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/778649" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7048.json b/2014/7xxx/CVE-2014-7048.json index 39e804dd814..511ab3eba97 100644 --- a/2014/7xxx/CVE-2014-7048.json +++ b/2014/7xxx/CVE-2014-7048.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#328353", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/328353" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#328353", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/328353" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7534.json b/2014/7xxx/CVE-2014-7534.json index f629b4c6774..b5e417c7646 100644 --- a/2014/7xxx/CVE-2014-7534.json +++ b/2014/7xxx/CVE-2014-7534.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Funny & Interesting Things (aka com.wFunnyandInterestingThings) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#984393", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/984393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Funny & Interesting Things (aka com.wFunnyandInterestingThings) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#984393", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/984393" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8690.json b/2014/8xxx/CVE-2014-8690.json index 1bc55a38bc9..cceda18675f 100644 --- a/2014/8xxx/CVE-2014-8690.json +++ b/2014/8xxx/CVE-2014-8690.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) \"First Name\" or (4) \"Last Name\" field to users/edituser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36059", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/36059" - }, - { - "name" : "http://packetstormsecurity.com/files/130382/Exponent-CMS-2.3.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130382/Exponent-CMS-2.3.1-Cross-Site-Scripting.html" - }, - { - "name" : "http://exponentcms.lighthouseapp.com/projects/61783/tickets/1230-universal-cross-site-scripting-in-exponent-cms-231-and-prior", - "refsource" : "CONFIRM", - "url" : "http://exponentcms.lighthouseapp.com/projects/61783/tickets/1230-universal-cross-site-scripting-in-exponent-cms-231-and-prior" - }, - { - "name" : "http://www.exponentcms.org/news/show/title/corrected-security-patches-released-for-v2-1-4-v2-2-3-and-v2-3-0", - "refsource" : "CONFIRM", - "url" : "http://www.exponentcms.org/news/show/title/corrected-security-patches-released-for-v2-1-4-v2-2-3-and-v2-3-0" - }, - { - "name" : "118263", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/118263" - }, - { - "name" : "118345", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/118345" - }, - { - "name" : "1031775", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031775" - }, - { - "name" : "exponentcms-cve20148690-xss(100877)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) \"First Name\" or (4) \"Last Name\" field to users/edituser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130382/Exponent-CMS-2.3.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130382/Exponent-CMS-2.3.1-Cross-Site-Scripting.html" + }, + { + "name": "1031775", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031775" + }, + { + "name": "118263", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/118263" + }, + { + "name": "118345", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/118345" + }, + { + "name": "http://www.exponentcms.org/news/show/title/corrected-security-patches-released-for-v2-1-4-v2-2-3-and-v2-3-0", + "refsource": "CONFIRM", + "url": "http://www.exponentcms.org/news/show/title/corrected-security-patches-released-for-v2-1-4-v2-2-3-and-v2-3-0" + }, + { + "name": "36059", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/36059" + }, + { + "name": "http://exponentcms.lighthouseapp.com/projects/61783/tickets/1230-universal-cross-site-scripting-in-exponent-cms-231-and-prior", + "refsource": "CONFIRM", + "url": "http://exponentcms.lighthouseapp.com/projects/61783/tickets/1230-universal-cross-site-scripting-in-exponent-cms-231-and-prior" + }, + { + "name": "exponentcms-cve20148690-xss(100877)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100877" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8695.json b/2014/8xxx/CVE-2014-8695.json index c139b16e62e..b50327b77bd 100644 --- a/2014/8xxx/CVE-2014-8695.json +++ b/2014/8xxx/CVE-2014-8695.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8695", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8695", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8697.json b/2014/8xxx/CVE-2014-8697.json index d6bd0d8b253..609138ce3cc 100644 --- a/2014/8xxx/CVE-2014-8697.json +++ b/2014/8xxx/CVE-2014-8697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8697", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8697", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2972.json b/2016/2xxx/CVE-2016-2972.json index 2a2e1999145..80220ed4150 100644 --- a/2016/2xxx/CVE-2016-2972.json +++ b/2016/2xxx/CVE-2016-2972.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-23T00:00:00", - "ID" : "CVE-2016-2972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-23T00:00:00", + "ID": "CVE-2016-2972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113855", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113855" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006439", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006439" - }, - { - "name" : "100599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100599" - }, - { - "name" : "1039231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100599" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113855", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113855" + }, + { + "name": "1039231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039231" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006439", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6788.json b/2016/6xxx/CVE-2016-6788.json index 5389874c42c..adfc3cfaaa9 100644 --- a/2016/6xxx/CVE-2016-6788.json +++ b/2016/6xxx/CVE-2016-6788.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94687" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18093.json b/2017/18xxx/CVE-2017-18093.json index a361dc585a8..483cf937ef0 100644 --- a/2017/18xxx/CVE-2017-18093.json +++ b/2017/18xxx/CVE-2017-18093.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-19T00:00:00", - "ID" : "CVE-2017-18093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye and Crucible", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 4.4.3" - }, - { - "version_value" : "prior to 4.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-19T00:00:00", + "ID": "CVE-2017-18093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye and Crucible", + "version": { + "version_data": [ + { + "version_value": "prior to 4.4.3" + }, + { + "version_value": "prior to 4.5.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8175", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CRUC-8175" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-7008", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-7008" - }, - { - "name" : "103095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103095" + }, + { + "name": "https://jira.atlassian.com/browse/CRUC-8175", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CRUC-8175" + }, + { + "name": "https://jira.atlassian.com/browse/FE-7008", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-7008" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18110.json b/2017/18xxx/CVE-2017-18110.json index 12901a5de3a..b7d9fb95091 100644 --- a/2017/18xxx/CVE-2017-18110.json +++ b/2017/18xxx/CVE-2017-18110.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18110", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18110", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1855.json b/2017/1xxx/CVE-2017-1855.json index 4387ca50704..64edff5559b 100644 --- a/2017/1xxx/CVE-2017-1855.json +++ b/2017/1xxx/CVE-2017-1855.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1855", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1855", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5515.json b/2017/5xxx/CVE-2017-5515.json index 76a27125aca..e7e07a2665e 100644 --- a/2017/5xxx/CVE-2017-5515.json +++ b/2017/5xxx/CVE-2017-5515.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/63", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/issues/63" - }, - { - "name" : "95623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/63", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/issues/63" + }, + { + "name": "95623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95623" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5770.json b/2017/5xxx/CVE-2017-5770.json index 37c81db58ee..403cdb3b819 100644 --- a/2017/5xxx/CVE-2017-5770.json +++ b/2017/5xxx/CVE-2017-5770.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5770", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5770", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5805.json b/2017/5xxx/CVE-2017-5805.json index 5b660c43826..eb7731e9b99 100644 --- a/2017/5xxx/CVE-2017-5805.json +++ b/2017/5xxx/CVE-2017-5805.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-04-27T00:00:00", - "ID" : "CVE-2017-5805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "v7.2" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-04-27T00:00:00", + "ID": "CVE-2017-5805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "v7.2" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us" - }, - { - "name" : "98088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98088" - }, - { - "name" : "1038377", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038377", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038377" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us" + }, + { + "name": "98088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98088" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5991.json b/2017/5xxx/CVE-2017-5991.json index be2dccb2a9f..c724ca947e4 100644 --- a/2017/5xxx/CVE-2017-5991.json +++ b/2017/5xxx/CVE-2017-5991.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42138", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42138/" - }, - { - "name" : "http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697500", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697500" - }, - { - "name" : "DSA-3797", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3797" - }, - { - "name" : "GLSA-201706-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-08" - }, - { - "name" : "96213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465" + }, + { + "name": "DSA-3797", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3797" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697500", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697500" + }, + { + "name": "GLSA-201706-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-08" + }, + { + "name": "42138", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42138/" + }, + { + "name": "96213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96213" + } + ] + } +} \ No newline at end of file