diff --git a/2006/0xxx/CVE-2006-0364.json b/2006/0xxx/CVE-2006-0364.json
index c8aa17feaa6..dc7cb559d24 100644
--- a/2006/0xxx/CVE-2006-0364.json
+++ b/2006/0xxx/CVE-2006-0364.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by \"javascript\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060118 MyBB Signature HTML Code Injection", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html" - }, - { - "name" : "16308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16308" - }, - { - "name" : "ADV-2006-0255", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0255" - }, - { - "name" : "22628", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22628" - }, - { - "name" : "18544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18544" - }, - { - "name" : 
"mybb-html-signature-xss(24225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by \"javascript\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0255", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0255" + }, + { + "name": "mybb-html-signature-xss(24225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24225" + }, + { + "name": "16308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16308" + }, + { + "name": "20060118 MyBB Signature HTML Code Injection", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html" + }, + { + "name": "22628", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22628" + }, + { + "name": "18544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18544" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0439.json b/2006/0xxx/CVE-2006-0439.json index 1a839042cf8..465c3f82198 100644 --- a/2006/0xxx/CVE-2006-0439.json +++ b/2006/0xxx/CVE-2006-0439.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060124 [eVuln] Text Rider Sensitive Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423130/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/46/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/46/summary.html" - }, - { - "name" : "ADV-2006-0321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0321" - }, - { - "name" : "1015533", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015533" - }, - { - "name" : "18605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18605" - }, - { - "name" : 
"textrider-data-information-disclosure(24279)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015533", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015533" + }, + { + "name": "ADV-2006-0321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0321" + }, + { + "name": "textrider-data-information-disclosure(24279)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24279" + }, + { + "name": "http://evuln.com/vulns/46/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/46/summary.html" + }, + { + "name": "18605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18605" + }, + { + "name": "20060124 [eVuln] Text Rider Sensitive Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423130/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0694.json b/2006/0xxx/CVE-2006-0694.json index eed8a41b1ed..c77930162ef 100644 --- a/2006/0xxx/CVE-2006-0694.json +++ b/2006/0xxx/CVE-2006-0694.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving \"converting files accessible by the webserver\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=392826", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=392826" - }, - { - "name" : "16603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16603" - }, - { - "name" : "ADV-2006-0536", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0536" - }, - { - "name" : "18810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18810" - }, - { - "name" : "ansilove-load-information-disclosure(24681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24681" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving \"converting files accessible by the webserver\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0536", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0536" + }, + { + "name": "ansilove-load-information-disclosure(24681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24681" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=392826", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=392826" + }, + { + "name": "16603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16603" + }, + { + "name": "18810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18810" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0979.json b/2006/0xxx/CVE-2006-0979.json index a0f7c946620..5e3eab84a06 100644 --- a/2006/0xxx/CVE-2006-0979.json +++ b/2006/0xxx/CVE-2006-0979.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://issuedealer.com/changes/", - "refsource" : "CONFIRM", - "url" : "http://issuedealer.com/changes/" - }, - { - "name" : "16884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16884" - }, - { - "name" : "23502", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23502" - }, - { - "name" : "19018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19018" - }, - { - "name" : "issuedealer-unpublished-issue-disclosure(24929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the local weblog 
publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://issuedealer.com/changes/", + "refsource": "CONFIRM", + "url": "http://issuedealer.com/changes/" + }, + { + "name": "16884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16884" + }, + { + "name": "issuedealer-unpublished-issue-disclosure(24929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24929" + }, + { + "name": "19018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19018" + }, + { + "name": "23502", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23502" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1665.json b/2006/1xxx/CVE-2006-1665.json index f359e9a8a56..6e1b50389e2 100644 --- a/2006/1xxx/CVE-2006-1665.json +++ b/2006/1xxx/CVE-2006-1665.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members.php, (c) pm.php, and (d) mail.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060404 ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429940/100/0/threaded" - }, - { - "name" : "17375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17375" - }, - { - "name" : "arabportal-multiple-xss(25657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site 
scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members.php, (c) pm.php, and (d) mail.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17375" + }, + { + "name": "arabportal-multiple-xss(25657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25657" + }, + { + "name": "20060404 ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429940/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1926.json b/2006/1xxx/CVE-2006-1926.json index 086cf1a8388..922a22fe01b 100644 --- a/2006/1xxx/CVE-2006-1926.json +++ b/2006/1xxx/CVE-2006-1926.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060419 ThWboard <= 3 Beta 2.84 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431354/100/0/threaded" - }, - { - "name" : "20060611 ThWboard 3.0 <= SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436813/100/0/threaded" - }, - { - "name" : "20060613 Re: BUGTRAQ:20060611 ThWboard 3.0 <= SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436919/100/0/threaded" - }, - { - "name" : "17606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17606" - }, - { - "name" : "thwboard-showtopic-sql-injection(25891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25891" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17606" + }, + { + "name": "20060613 Re: BUGTRAQ:20060611 ThWboard 3.0 <= SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436919/100/0/threaded" + }, + { + "name": "20060611 ThWboard 3.0 <= SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436813/100/0/threaded" + }, + { + "name": "thwboard-showtopic-sql-injection(25891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25891" + }, + { + "name": "20060419 ThWboard <= 3 Beta 2.84 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431354/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3288.json b/2006/3xxx/CVE-2006-3288.json index 2cb7e77d015..3e90d4e7dbe 100644 --- a/2006/3xxx/CVE-2006-3288.json +++ b/2006/3xxx/CVE-2006-3288.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060628 Multiple Vulnerabilities in Wireless Control System", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml" - }, - { - "name" : "18701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18701" - }, - { - "name" : "ADV-2006-2583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2583" - }, - { - "name" : "26881", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26881" - }, - { - "name" : "1016398", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016398" - }, - { - "name" : "20870", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20870" - }, - { - "name" : "cisco-wcs-tftp-access(27440)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2583" + }, + { + "name": "20870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20870" + }, + { + "name": "20060628 Multiple Vulnerabilities in Wireless Control System", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml" + }, + { + "name": "1016398", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016398" + }, + { + "name": "26881", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26881" + }, + { + "name": "18701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18701" + }, + { + "name": "cisco-wcs-tftp-access(27440)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27440" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3431.json b/2006/3xxx/CVE-2006-3431.json index a996389129c..e72eccc2809 100644 --- a/2006/3xxx/CVE-2006-3431.json +++ b/2006/3xxx/CVE-2006-3431.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the \"Style\" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060703 Excel 2000/XP/2003 Style 0day POC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438963/100/0/threaded" - }, - { - "name" : "20060707 Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439427/100/0/threaded" - }, - { - "name" : "20060711 New CVE number states Excel Style handling as a separate issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=115274676314243&w=2" - }, - { - "name" : "HPSBST02161", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "SSRT061264", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "MS06-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059" - }, - { - "name" : "18872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18872" - }, - { - "name" : "ADV-2006-2689", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2689" - }, - { - "name" : "oval:org.mitre.oval:def:431", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A431" - }, - { - "name" : "1016430", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016430" - }, - { - "name" 
: "20268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the \"Style\" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060707 Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439427/100/0/threaded" + }, + { + "name": "SSRT061264", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "20268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20268" + }, + { + "name": "MS06-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059" + }, + { + "name": "oval:org.mitre.oval:def:431", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A431" + }, + { + "name": "1016430", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016430" + }, + { + "name": "20060711 New CVE number states Excel Style handling as a separate issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=115274676314243&w=2" + }, + { + "name": "HPSBST02161", + 
"refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "18872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18872" + }, + { + "name": "ADV-2006-2689", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2689" + }, + { + "name": "20060703 Excel 2000/XP/2003 Style 0day POC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438963/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3929.json b/2006/3xxx/CVE-2006-3929.json index f03768f1a20..3589b07499c 100644 --- a/2006/3xxx/CVE-2006-3929.json +++ b/2006/3xxx/CVE-2006-3929.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060726 Zyxel Prestige 660H-61 Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441193/100/0/threaded" - }, - { - "name" : "http://www.eazel.es/media/advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://www.eazel.es/media/advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.html" - }, - { - "name" : "19180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19180" - }, - { - "name" : "ADV-2006-3012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3012" - }, - { - "name" : "27548", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/27548" - }, - { - "name" : "1016598", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016598" - }, - { - "name" : "21225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21225" - }, - { - "name" : "1301", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1301" - }, - { - "name" : "zyxel-prestige-rpsysadmin-xss(28021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19180" + }, + { + "name": "zyxel-prestige-rpsysadmin-xss(28021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28021" + }, + { + "name": "27548", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27548" + }, + { + "name": "20060726 Zyxel Prestige 660H-61 Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441193/100/0/threaded" + }, + { + "name": "ADV-2006-3012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3012" + }, + { + "name": "21225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21225" + }, + { + "name": "1016598", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016598" + }, + { + "name": 
"http://www.eazel.es/media/advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://www.eazel.es/media/advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.html" + }, + { + "name": "1301", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1301" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4146.json b/2006/4xxx/CVE-2006-4146.json index 372070877cb..4fceb919064 100644 --- a/2006/4xxx/CVE-2006-4146.json +++ b/2006/4xxx/CVE-2006-4146.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=304669", - "refsource" : "CONFIRM", - "url" : 
"http://docs.info.apple.com/article.html?artnum=304669" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm" - }, - { - "name" : "APPLE-SA-2006-10-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html" - }, - { - "name" : "GLSA-200711-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-23.xml" - }, - { - "name" : "RHSA-2007:0229", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0229.html" - }, - { - "name" : "RHSA-2007:0469", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0469.html" - }, - { - "name" : "20070602-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc" - }, - { - "name" : "USN-356-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-356-1" - }, - { - "name" : "19802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19802" - }, - { - "name" : "oval:org.mitre.oval:def:10463", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463" - }, - { - "name" : "ADV-2006-3433", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3433" - }, - { - "name" : "ADV-2006-4283", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4283" - }, - { - "name" : "ADV-2007-3229", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3229" - }, - { - "name" : "28318", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28318" - }, - { - "name" : "1017138", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017138" - }, - { - "name" : "21713", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/21713" - }, - { - "name" : "22205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22205" - }, - { - "name" : "22662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22662" - }, - { - "name" : "25098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25098" - }, - { - "name" : "25632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25632" - }, - { - "name" : "25894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25894" - }, - { - "name" : "25934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25934" - }, - { - "name" : "26909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26909" - }, - { - "name" : "27706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" + }, + { + "name": "ADV-2006-4283", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4283" + }, + { + "name": "25098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25098" + }, + { + "name": "GLSA-200711-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml" + }, + { + "name": "25894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25894" + }, + { + "name": "RHSA-2007:0469", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0469.html" + }, + { + "name": "ADV-2007-3229", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3229" + }, + { + "name": "APPLE-SA-2006-10-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html" + }, + { + "name": "28318", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28318" + }, + { + "name": "1017138", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017138" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm" + }, + { + "name": "oval:org.mitre.oval:def:10463", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463" + }, + { + "name": "RHSA-2007:0229", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2007-0229.html" + }, + { + "name": "22662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22662" + }, + { + "name": "25632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25632" + }, + { + "name": "25934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25934" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304669", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304669" + }, + { + "name": "ADV-2006-3433", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3433" + }, + { + "name": "26909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26909" + }, + { + "name": "27706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27706" + }, + { + "name": "21713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21713" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841" + }, + { + "name": "22205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22205" + }, + { + "name": "19802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19802" + }, + { + "name": "20070602-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc" + }, + { + "name": "USN-356-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-356-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4521.json b/2006/4xxx/CVE-2006-4521.json index 86aeac94e8a..e55641208f5 100644 --- a/2006/4xxx/CVE-2006-4521.json +++ b/2006/4xxx/CVE-2006-4521.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061027 Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437" - }, - { - "name" : "20842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20842" - }, - { - "name" : "ADV-2006-4293", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4293" - }, - { - "name" : "1017140", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017140" - }, - { - "name" : "22660", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22660" - }, - { - "name" : "novell-berdecodelogindatarequeset-dos(29963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22660" + }, + { + "name": "ADV-2006-4293", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4293" + }, + { + "name": "20842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20842" + }, + { + "name": "novell-berdecodelogindatarequeset-dos(29963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29963" + }, + { + "name": "20061027 Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437" + }, + { + "name": "1017140", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017140" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4730.json b/2006/4xxx/CVE-2006-4730.json index a7fff778e91..068f96ca751 100644 --- a/2006/4xxx/CVE-2006-4730.json +++ b/2006/4xxx/CVE-2006-4730.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2110.json b/2010/2xxx/CVE-2010-2110.json index 92290c27982..f3664f2dac5 100644 --- a/2010/2xxx/CVE-2010-2110.json +++ b/2010/2xxx/CVE-2010-2110.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=42228", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=42228" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:12123", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 5.0.375.55 does not 
properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:12123", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12123" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=42228", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=42228" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2410.json b/2010/2xxx/CVE-2010-2410.json index dfb923863e0..2247715311c 100644 --- a/2010/2xxx/CVE-2010-2410.json +++ b/2010/2xxx/CVE-2010-2410.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2409." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than 
CVE-2010-2395 and CVE-2010-2409." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2620.json b/2010/2xxx/CVE-2010-2620.json index 2652b08e7ce..e782f0d4607 100644 --- a/2010/2xxx/CVE-2010-2620.json +++ b/2010/2xxx/CVE-2010-2620.json 
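Review bot: The `ASSIGNER` line in this hunk is a real content change, from `cve@mitre.org` to `secalert_us@oracle.com`, while every other changed line in the file differs only in the spacing before the colon; the CVE-2010-3577 hunk carries the same change. Anything that attributes or filters records by `ASSIGNER` will treat these two entries differently after this commit, so the change should be visible on its own. I would land the two `"ASSIGNER": "secalert_us@oracle.com"` lines separately from the reformat, or at least name both CVE IDs in the commit message, so the remaining hunks can be checked as a pure no-op.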
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13932", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13932" - }, - { - "name" : "40284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40284" + }, + { + "name": "13932", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13932" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2927.json b/2010/2xxx/CVE-2010-2927.json index 2037b5a4540..8cf7c905218 100644 --- a/2010/2xxx/CVE-2010-2927.json +++ b/2010/2xxx/CVE-2010-2927.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24027463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24027463" - }, - { - "name" : "IO12399", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IO12399" - }, - { - "name" : "42093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42093" - }, - { - "name" : "66782", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66782" - }, - { - "name" : "40791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40791" - }, - { - "name" : "ibm-tds-digestmd5-dos(60821)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/60821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24027463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24027463" + }, + { + "name": "66782", + "refsource": "OSVDB", + "url": "http://osvdb.org/66782" + }, + { + "name": "ibm-tds-digestmd5-dos(60821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60821" + }, + { + "name": "40791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40791" + }, + { + "name": "42093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42093" + }, + { + "name": "IO12399", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IO12399" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3410.json b/2010/3xxx/CVE-2010-3410.json index c183e1fd295..0f43250429b 100644 --- a/2010/3xxx/CVE-2010-3410.json +++ b/2010/3xxx/CVE-2010-3410.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3410", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1825. Reason: This candidate is a duplicate of CVE-2010-1825. Notes: All CVE users should reference CVE-2010-1825 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3410", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1825. Reason: This candidate is a duplicate of CVE-2010-1825. Notes: All CVE users should reference CVE-2010-1825 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3577.json b/2010/3xxx/CVE-2010-3577.json index b1b820e06be..374eb276a3b 100644 --- a/2010/3xxx/CVE-2010-3577.json +++ b/2010/3xxx/CVE-2010-3577.json 
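Review bot: The new side of this file serialises its keys in a different order from the other records in the diff: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the CVE-2006-4730 record keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but tooling that diffs or hashes these files byte-for-byte will see this REJECT entry change whenever the serialiser's ordering differs. Emitting it in the same order as the other files (the `"CVE_data_meta"` block first, then `"data_format"`, `"data_type"`, `"data_version"`) would keep the reformat mechanical; the text of the `value` field is unchanged here.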
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality and integrity, related to Kernel/CIFS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality and integrity, related to Kernel/CIFS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3642.json b/2010/3xxx/CVE-2010-3642.json index d921f1acafb..31f92a74292 100644 --- a/2010/3xxx/CVE-2010-3642.json +++ b/2010/3xxx/CVE-2010-3642.json 
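Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert_us@oracle.com` near the top of this hunk, while every other changed line only removes the space before the colons and re-indents. The same kind of change sits inside the hunks for CVE-2010-3642 (`psirt@adobe.com`) and for CVE-2010-3690 and CVE-2010-3718 (both `secalert@redhat.com`). ASSIGNER is the record's provenance field, so anything downstream that attributes or routes records by assigner will presumably treat these as reassigned. If that is intended, it would be easier to audit in a commit separate from the reformat; otherwise the line should stay `"ASSIGNER": "cve@mitre.org",`.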
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02663", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2" - }, - { - "name" : "SSRT100428", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2" - }, - { - "name" : "RHSA-2010:0829", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0829.html" - }, - { - "name" : "RHSA-2010:0834", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0834.html" - }, - { - "name" : "RHSA-2010:0867", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0867.html" - }, - { - "name" : 
"SUSE-SA:2010:055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" - }, - { - "name" : "44678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44678" - }, - { - "name" : "oval:org.mitre.oval:def:12065", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12065" - }, - { - "name" : "oval:org.mitre.oval:def:16254", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16254" - }, - { - "name" : "42183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42183" - }, - { - "name" : "42926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42926" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-2903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2903" - }, - { - "name" : "ADV-2010-2906", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2906" - }, - { - "name" : "ADV-2010-2918", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2918" - }, - { - "name" : "ADV-2011-0173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0173" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different 
vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "42183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42183" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "ADV-2010-2918", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2918" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "RHSA-2010:0834", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html" + }, + { + "name": "SUSE-SA:2010:055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" + }, + { + "name": "42926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42926" + }, + { + "name": "SSRT100428", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2" + }, + { + "name": "ADV-2010-2903", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2010/2903" + }, + { + "name": "HPSBMA02663", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2" + }, + { + "name": "ADV-2011-0173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0173" + }, + { + "name": "oval:org.mitre.oval:def:12065", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12065" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" + }, + { + "name": "44678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44678" + }, + { + "name": "ADV-2010-2906", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2906" + }, + { + "name": "RHSA-2010:0867", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html" + }, + { + "name": "RHSA-2010:0829", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html" + }, + { + "name": "oval:org.mitre.oval:def:16254", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16254" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3690.json b/2010/3xxx/CVE-2010-3690.json index 4037953932a..742611884bc 100644 --- a/2010/3xxx/CVE-2010-3690.json +++ b/2010/3xxx/CVE-2010-3690.json 
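Review bot: The `reference_data` array in this hunk is re-emitted in a different order with no visible sort key: the old side grouped entries by `refsource` (CONFIRM, vendor advisories, BID, OVAL, SECUNIA, VUPEN), while the new side starts with `ADV-2011-0192` and interleaves sources. The 22 entries appear to be the same on both sides, but a reader has to match them by hand to confirm that no advisory link was dropped or altered. Emitting the array in a deterministic order, for example sorted by `refsource` and then `name`, would keep later changes to these records reviewable. The hunks for CVE-2010-3690 and CVE-2010-3718 are shuffled the same way, and each new file also ends with `\ No newline at end of file` where the old side had a trailing newline.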
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/29/6" - }, - { - "name" : "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/01/2" - }, - { - "name" : "[oss-security] 20101001 Re: CVE request - 
phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/01/5" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82" - }, - { - "name" : "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538", - "refsource" : "CONFIRM", - "url" : "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538" - }, - { - "name" : "https://issues.jasig.org/browse/PHPCAS-80", - "refsource" : "CONFIRM", - "url" : "https://issues.jasig.org/browse/PHPCAS-80" - }, - { - "name" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" - }, - { - "name" : "DSA-2172", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2172" - }, - { - "name" : "FEDORA-2010-15943", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html" - }, - { - "name" : "FEDORA-2010-15970", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html" - }, - { - "name" : "FEDORA-2010-16905", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" - }, - { - "name" : "FEDORA-2010-16912", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" - }, - { - "name" : "43585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43585" - }, - { - "name" : "41878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41878" - }, - { - "name" : "42149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42149" - }, - { - "name" : "42184", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42184" - }, - { - "name" : "43427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43427" - }, - { - "name" : "ADV-2010-2705", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2705" - }, - { - "name" : "ADV-2010-2909", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2909" - }, - { - "name" : "ADV-2011-0456", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82" + }, + { + "name": "DSA-2172", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2172" + }, + { + "name": "https://issues.jasig.org/browse/PHPCAS-80", + "refsource": "CONFIRM", + "url": "https://issues.jasig.org/browse/PHPCAS-80" + }, + { + "name": "ADV-2011-0456", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0456" + }, + { + "name": "FEDORA-2010-15943", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html" + }, + { + "name": "FEDORA-2010-15970", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html" + }, + { + "name": "ADV-2010-2909", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2909" + }, + { + "name": "43585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43585" + }, + { + "name": "42149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42149" + }, + { + "name": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" + }, + { + "name": "ADV-2010-2705", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2705" + }, + { + "name": "43427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43427" + }, + { + "name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2010/09/29/6" + }, + { + "name": "FEDORA-2010-16912", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" + }, + { + "name": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538", + "refsource": "CONFIRM", + "url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538" + }, + { + "name": "FEDORA-2010-16905", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" + }, + { + "name": "41878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41878" + }, + { + "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/01/5" + }, + { + "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/01/2" + }, + { + "name": "42184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42184" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3718.json b/2010/3xxx/CVE-2010-3718.json index 4580dd58ac3..4a3975a86f5 100644 --- a/2010/3xxx/CVE-2010-3718.json +++ b/2010/3xxx/CVE-2010-3718.json 
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516211/100/0/threaded" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "MISC", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "MISC", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "MISC", - "url" : 
"http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "DSA-2160", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2160" - }, - { - "name" : "HPSBUX02725", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132215163318824&w=2" - }, - { - "name" : "SSRT100627", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132215163318824&w=2" - }, - { - "name" : "HPSBUX02860", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "SSRT101146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "HPSBUX02645", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130168502603566&w=2" - }, - { - "name" : "MDVSA-2011:030", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030" - }, - { - "name" : "RHSA-2011:0791", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0791.html" - }, - { - "name" : "RHSA-2011:0896", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0896.html" - }, - { - "name" : "RHSA-2011:0897", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0897.html" - }, - { - "name" : "RHSA-2011:1845", - "refsource" : "REDHAT", - 
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1845.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "46177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46177" - }, - { - "name" : "oval:org.mitre.oval:def:12517", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517" - }, - { - "name" : "oval:org.mitre.oval:def:13969", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969" - }, - { - "name" : "oval:org.mitre.oval:def:19379", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379" - }, - { - "name" : "1025025", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025025" - }, - { - "name" : "43192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43192" - }, - { - "name" : "45022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45022" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - }, - { - "name" : "8072", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8072" - }, - { - "name" : "tomcat-servletcontect-sec-bypass(65159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated 
using a directory traversal attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46177" + }, + { + "name": "oval:org.mitre.oval:def:13969", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969" + }, + { + "name": "20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516211/100/0/threaded" + }, + { + "name": "8072", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8072" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "MISC", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "HPSBUX02860", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "45022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45022" + }, + { + "name": "RHSA-2011:1845", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "SSRT100627", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" + }, + { + "name": "tomcat-servletcontect-sec-bypass(65159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65159" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "MDVSA-2011:030", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030" + }, + { + "name": "oval:org.mitre.oval:def:19379", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379" + }, + { + "name": "RHSA-2011:0897", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "RHSA-2011:0791", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html" + }, + { + "name": "43192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43192" + }, + { + "name": "RHSA-2011:0896", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" + }, + { + "name": "DSA-2160", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2160" + }, + { + "name": "1025025", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025025" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "HPSBUX02725", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" + }, + { + "name": "SSRT101146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "MISC", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "oval:org.mitre.oval:def:12517", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517" + }, + { + "name": "HPSBUX02645", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130168502603566&w=2" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": 
"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "MISC", + "url": "http://tomcat.apache.org/security-7.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3765.json b/2010/3xxx/CVE-2010-3765.json index 97563c00d0a..7cf74d9787d 100644 --- a/2010/3xxx/CVE-2010-3765.json +++ b/2010/3xxx/CVE-2010-3765.json 
@@ -1,312 +1,312 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15341", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15341" - }, - { - "name" : "15342", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15342" - }, - { - "name" : "15352", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15352" - }, - { - "name" : "http://isc.sans.edu/diary.html?storyid=9817", - "refsource" : "MISC", - "url" : "http://isc.sans.edu/diary.html?storyid=9817" - }, - { - "name" : "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/", - "refsource" : "MISC", - "url" : "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/" - }, - { - "name" : "http://www.norman.com/security_center/virus_description_archive/129146/", - "refsource" : "MISC", - "url" : "http://www.norman.com/security_center/virus_description_archive/129146/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53" - }, - { - "name" : "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter", - "refsource" : "MISC", - "url" : "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter" - }, - { - "name" : "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/", - "refsource" 
: "CONFIRM", - "url" : "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=607222", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=607222" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=646997", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=646997" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114329", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114329" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114335", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114335" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "DSA-2124", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2124" - }, - { - "name" : "FEDORA-2010-17105", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html" - }, - { - "name" : "FEDORA-2010-16883", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html" - }, - { - "name" : "FEDORA-2010-16885", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html" - }, - { - "name" : "FEDORA-2010-16897", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html" - }, - { - "name" : "MDVSA-2010:213", - 
"refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213" - }, - { - "name" : "MDVSA-2010:219", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219" - }, - { - "name" : "RHSA-2010:0809", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0809.html" - }, - { - "name" : "RHSA-2010:0810", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0810.html" - }, - { - "name" : "RHSA-2010:0808", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0808.html" - }, - { - "name" : "RHSA-2010:0812", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0812.html" - }, - { - "name" : "RHSA-2010:0861", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0861.html" - }, - { - "name" : "RHSA-2010:0896", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0896.html" - }, - { - "name" : "SSA:2010-305-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706" - }, - { - "name" : "USN-1011-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1011-3" - }, - { - "name" : "USN-1011-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-1011-1" - }, - { - "name" : "USN-1011-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1011-2" - }, - { - "name" : "44425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44425" - }, - { - "name" : "oval:org.mitre.oval:def:12108", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108" - }, - { - "name" : "1024650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024650" - }, - { - "name" : "1024651", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id?1024651" - }, - { - "name" : "1024645", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024645" - }, - { - "name" : "41966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41966" - }, - { - "name" : "41969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41969" - }, - { - "name" : "42008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42008" - }, - { - "name" : "42043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42043" - }, - { - "name" : "41761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41761" - }, - { - "name" : "41965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41965" - }, - { - "name" : "41975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41975" - }, - { - "name" : "42003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42003" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2010-2871", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2871" - }, - { - "name" : "ADV-2010-2837", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2837" - }, - { - "name" : "ADV-2010-2857", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2857" - }, - { - "name" : "ADV-2010-2864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2864" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x 
before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44425" + }, + { + "name": "RHSA-2010:0812", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0812.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53" + }, + { + "name": "ADV-2010-2837", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2837" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=646997", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=646997" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114335", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114335" + }, + { + "name": "41965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41965" + }, + { + "name": "41975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41975" + }, + { + "name": "RHSA-2010:0896", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0896.html" + }, + { + "name": "RHSA-2010:0808", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0808.html" + }, + { + "name": "15341", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15341" + }, + { + "name": "1024651", + "refsource": 
"SECTRACK", + "url": "http://www.securitytracker.com/id?1024651" + }, + { + "name": "41761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41761" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222" + }, + { + "name": "FEDORA-2010-17105", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html" + }, + { + "name": "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter", + "refsource": "MISC", + "url": "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter" + }, + { + "name": "41969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41969" + }, + { + "name": "USN-1011-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1011-3" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/", + "refsource": "MISC", + "url": "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/" + }, + { + "name": "USN-1011-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-1011-1" + }, + { + "name": "1024650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024650" + }, + { + "name": "USN-1011-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1011-2" + }, + { + "name": "RHSA-2010:0809", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0809.html" + }, + { + "name": "MDVSA-2010:219", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219" + }, 
+ { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/", + "refsource": "CONFIRM", + "url": "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/" + }, + { + "name": "ADV-2010-2857", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2857" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114329", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114329" + }, + { + "name": "DSA-2124", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2124" + }, + { + "name": "1024645", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024645" + }, + { + "name": "42043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42043" + }, + { + "name": "http://www.norman.com/security_center/virus_description_archive/129146/", + "refsource": "MISC", + "url": "http://www.norman.com/security_center/virus_description_archive/129146/" + }, + { + "name": "41966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41966" + }, + { + "name": "MDVSA-2010:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213" + }, + { + "name": "42008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42008" + }, + { + "name": "FEDORA-2010-16883", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html" + }, + { + "name": "SSA:2010-305-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706" + }, + { + "name": "ADV-2010-2871", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2871" + }, + { + "name": "http://isc.sans.edu/diary.html?storyid=9817", + "refsource": "MISC", + "url": "http://isc.sans.edu/diary.html?storyid=9817" + }, + { + "name": "RHSA-2010:0810", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0810.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html" + }, + { + "name": "15352", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15352" + }, + { + "name": "oval:org.mitre.oval:def:12108", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108" + }, + { + "name": "42003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42003" + }, + { + "name": "FEDORA-2010-16897", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html" + }, + { + "name": "RHSA-2010:0861", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0861.html" + }, + { + "name": "FEDORA-2010-16885", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html" + }, + { + "name": "15342", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15342" + }, + { + "name": "ADV-2010-2864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2864" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4151.json b/2010/4xxx/CVE-2010-4151.json index c17cc5332d5..99351629bbf 100644 --- a/2010/4xxx/CVE-2010-4151.json +++ b/2010/4xxx/CVE-2010-4151.json 
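Review bot: The `description` value on the new side of CVE-2010-3765.json still reads `Thunderbird 3.1.6 before 3.1.6`, a range that no version can satisfy; it is carried over unchanged from the old side. By analogy with the adjacent `3.0.x before 3.0.10` it presumably should be `Thunderbird 3.1.x before 3.1.6`, but that needs confirming against the vendor advisory listed in the references (mfsa2010-73) before the record is edited. Anyone deriving affected-version matching from this text should treat the Thunderbird 3.1 range as unreliable until then. The rest of the hunk appears only to respace keys and reorder `reference_data`, and the new file ends without a trailing newline.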
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101019 SQL injection in DeluxeBB", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514374/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/deluxebb13x-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/deluxebb13x-sql.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html" - }, - { - "name" : "http://www.deluxebb.com/community/topic.php?tid=993", - "refsource" : "CONFIRM", - "url" : 
"http://www.deluxebb.com/community/topic.php?tid=993" - }, - { - "name" : "44259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44259" - }, - { - "name" : "41918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41918" - }, - { - "name" : "deluxebb-xthedateformat-sql-injection(62660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html" + }, + { + "name": "41918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41918" + }, + { + "name": "http://www.deluxebb.com/community/topic.php?tid=993", + "refsource": "CONFIRM", + "url": "http://www.deluxebb.com/community/topic.php?tid=993" + }, + { + "name": "20101019 SQL injection in DeluxeBB", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514374/100/0/threaded" + }, + { + "name": "44259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44259" + }, + { + "name": "deluxebb-xthedateformat-sql-injection(62660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62660" + }, + { + "name": 
"http://packetstormsecurity.org/1010-exploits/deluxebb13x-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/deluxebb13x-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4480.json b/2010/4xxx/CVE-2010-4480.json index 309a817b663..0e64ff5e5fe 100644 --- a/2010/4xxx/CVE-2010-4480.json +++ b/2010/4xxx/CVE-2010-4480.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing \"@\" characters, as demonstrated using \"[a@url@page]\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15699", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15699" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php" - }, - { - "name" : "DSA-2139", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2139" - }, - { - "name" : "MDVSA-2011:000", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:000" - }, - { - "name" : "45633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45633" - }, - { - "name" : "42485", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/42485" - }, - { - "name" : "42725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42725" - }, - { - "name" : "ADV-2010-3133", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3133" - }, - { - "name" : "ADV-2011-0001", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0001" - }, - { - "name" : "ADV-2011-0027", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing \"@\" characters, as demonstrated using \"[a@url@page]\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0027", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0027" + }, + { + "name": "ADV-2011-0001", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0001" + }, + { + "name": "45633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45633" + }, + { + "name": "42485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42485" + }, + { + "name": "DSA-2139", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2139" + }, + { + "name": "15699", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15699" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php" + }, + { + "name": 
"ADV-2010-3133", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3133" + }, + { + "name": "42725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42725" + }, + { + "name": "MDVSA-2011:000", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:000" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1022.json b/2011/1xxx/CVE-2011-1022.json index eeced600aae..bba7806f63d 100644 --- a/2011/1xxx/CVE-2011-1022.json +++ b/2011/1xxx/CVE-2011-1022.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libcg-devel] 20101115 Fwd: libcgroup netlink", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=26598749" - }, - { - "name" : "[libcg-devel] 20110218 [PATCH 2/2] cgrulesengd: Ignore netlink messages that don't come from the kernel.", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=27102603" - }, - { - "name" : "[oss-security] 20110224 CVE request: libcgroup: Failure to verify netlink messages", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/25/6" - }, - { - "name" : "[oss-security] 
20110225 Re: CVE request: libcgroup: Failure to verify netlink messages", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/25/9" - }, - { - "name" : "[oss-security] 20110225 Re: CVE request: libcgroup: Failure to verify netlink messages", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/25/11" - }, - { - "name" : "[oss-security] 20110225 Re: CVE request: libcgroup: Failure to verify netlink messages", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/25/12" - }, - { - "name" : "[oss-security] 20110225 Re: CVE request: libcgroup: Failure to verify netlink messages", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/25/14" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987" - }, - { - "name" : "http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680409", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680409" - }, - { - "name" : "DSA-2193", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2193" - }, - { - "name" : "FEDORA-2011-2631", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html" - }, - { - "name" : "FEDORA-2011-2638", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html" - }, - { - "name" : "RHSA-2011:0320", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0320.html" - }, - { - "name" : "openSUSE-SU-2011:0316", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html" - }, - { - "name" : "46578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46578" - }, - { - "name" : "1025157", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025157" - }, - { - "name" : "43611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43611" - }, - { - "name" : "43758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43758" - }, - { - "name" : "43891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43891" - }, - { - "name" : "44093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44093" - }, - { - "name" : "ADV-2011-0679", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0679" - }, - { - "name" : "ADV-2011-0774", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110225 Re: CVE request: libcgroup: Failure to verify netlink messages", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/25/11" + }, + { + "name": "43758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43758" + }, + { + "name": "44093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44093" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987" + }, + { + "name": "1025157", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025157" + }, + { + "name": "46578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46578" + }, + { + "name": "http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download" + }, + { + "name": "43891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43891" + }, + { + "name": "DSA-2193", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2193" + }, + { + "name": "openSUSE-SU-2011:0316", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html" + }, + { + "name": "FEDORA-2011-2631", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html" + }, + { + "name": "ADV-2011-0679", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0679" + }, + { + "name": "ADV-2011-0774", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0774" + }, + { + "name": "[libcg-devel] 
20101115 Fwd: libcgroup netlink", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=26598749" + }, + { + "name": "[oss-security] 20110225 Re: CVE request: libcgroup: Failure to verify netlink messages", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/25/14" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680409", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680409" + }, + { + "name": "RHSA-2011:0320", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0320.html" + }, + { + "name": "[oss-security] 20110225 Re: CVE request: libcgroup: Failure to verify netlink messages", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/25/12" + }, + { + "name": "43611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43611" + }, + { + "name": "FEDORA-2011-2638", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html" + }, + { + "name": "[oss-security] 20110224 CVE request: libcgroup: Failure to verify netlink messages", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/25/6" + }, + { + "name": "[oss-security] 20110225 Re: CVE request: libcgroup: Failure to verify netlink messages", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/25/9" + }, + { + "name": "[libcg-devel] 20110218 [PATCH 2/2] cgrulesengd: Ignore netlink messages that don't come from the kernel.", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=27102603" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1145.json b/2011/1xxx/CVE-2011-1145.json index 703bb09e21f..ea7aa867032 100644 --- a/2011/1xxx/CVE-2011-1145.json +++ b/2011/1xxx/CVE-2011-1145.json 
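Review bot: `"ASSIGNER": "secalert@redhat.com"` replaces `cve@mitre.org` in `CVE_data_meta` of CVE-2011-1022.json, and it is the one value change in a hunk that otherwise only respaces keys and reorders `reference_data`. Buried in a full-file rewrite it is easy to miss, and any consumer that uses ASSIGNER to attribute a record to its assigning organisation will see this record move. It would be clearer to state the reassignment in the commit description or to split it from the formatting change. The other file hunks visible here keep `cve@mitre.org`.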
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1145",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-1145",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1384.json b/2011/1xxx/CVE-2011-1384.json
index cade9eca6f3..ffa0505093a 100644
--- a/2011/1xxx/CVE-2011-1384.json
+++ b/2011/1xxx/CVE-2011-1384.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc" - }, - { - "name" : "IV11643", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643" - }, - { - "name" : "51059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51059" - }, - { - "name" : "51083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51083" - }, - { - "name" : "47222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47222" - }, - { - 
"name" : "aix-scout-symlink(71615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aix-scout-symlink(71615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615" + }, + { + "name": "47222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47222" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc" + }, + { + "name": "51059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51059" + }, + { + "name": "51083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51083" + }, + { + "name": "IV11643", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1791.json b/2011/1xxx/CVE-2011-1791.json index bfdc9437a3f..732cc81fcf5 100644 --- a/2011/1xxx/CVE-2011-1791.json +++ b/2011/1xxx/CVE-2011-1791.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1791",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-1791",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1899.json b/2011/1xxx/CVE-2011-1899.json
index ba6d47a07e2..cd0db5845fc 100644
--- a/2011/1xxx/CVE-2011-1899.json
+++ b/2011/1xxx/CVE-2011-1899.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110510 CA20110510-01: Security Notice for CA eHealth", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517956/100/0/threaded" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5662845D-4CD7-4CE6-8829-4F07A4C67366}", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5662845D-4CD7-4CE6-8829-4F07A4C67366}" - }, - { - "name" : "47795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47795" - }, - { - "name" : "1025518", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025518" - }, - { - "name" : "44482", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/44482" - }, - { - "name" : "8252", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8252" - }, - { - "name" : "ehealth-unspecified-xss(67389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44482" + }, + { + "name": "1025518", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025518" + }, + { + "name": "8252", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8252" + }, + { + "name": "20110510 CA20110510-01: Security Notice for CA eHealth", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517956/100/0/threaded" + }, + { + "name": "47795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47795" + }, + { + "name": "ehealth-unspecified-xss(67389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67389" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5662845D-4CD7-4CE6-8829-4F07A4C67366}", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5662845D-4CD7-4CE6-8829-4F07A4C67366}" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1963.json b/2011/1xxx/CVE-2011-1963.json index cea11fd8509..af97fa2d537 100644 
--- a/2011/1xxx/CVE-2011-1963.json +++ b/2011/1xxx/CVE-2011-1963.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"XSLT Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" - }, - { - "name" : "TA11-221A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12753", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 9 does not 
properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"XSLT Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" + }, + { + "name": "oval:org.mitre.oval:def:12753", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12753" + }, + { + "name": "TA11-221A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5020.json b/2011/5xxx/CVE-2011-5020.json index a36007634de..8b954d5c9d4 100644 --- a/2011/5xxx/CVE-2011-5020.json +++ b/2011/5xxx/CVE-2011-5020.json 
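Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, although the description names Microsoft Internet Explorer 7 through 9 and this hunk itself moves `ASSIGNER` to `secure@microsoft.com`. Tooling that matches records on the structured vendor and product fields rather than on free text will not associate this entry with the product. Consider `"vendor_name": "Microsoft"` and `"product_name": "Internet Explorer"`, with the affected versions listed in `version_data`. The new side also ends without a trailing newline (`\ No newline at end of file`), as do the other file sections in this diff.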
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-5020",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-5020",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/5xxx/CVE-2011-5074.json b/2011/5xxx/CVE-2011-5074.json
index dd96f329a69..5da1004a86b 100644
--- a/2011/5xxx/CVE-2011-5074.json
+++ b/2011/5xxx/CVE-2011-5074.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110914 Multiple vulnerabilities in SiT! 
Support Incident Tracker", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519636" - }, - { - "name" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html" - }, - { - "name" : "http://sitracker.org/wiki/ReleaseNotes365", - "refsource" : "CONFIRM", - "url" : "http://sitracker.org/wiki/ReleaseNotes365" - }, - { - "name" : "46019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sitracker.org/wiki/ReleaseNotes365", + "refsource": "CONFIRM", + "url": "http://sitracker.org/wiki/ReleaseNotes365" + }, + { + "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519636" + }, + { + "name": "46019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46019" + }, + { + "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/3xxx/CVE-2014-3726.json b/2014/3xxx/CVE-2014-3726.json
index 10e5e998969..5c41aeffc72 100644
--- a/2014/3xxx/CVE-2014-3726.json
+++ b/2014/3xxx/CVE-2014-3726.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-3726",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-3726",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/3xxx/CVE-2014-3866.json b/2014/3xxx/CVE-2014-3866.json
index 9a3dda7ab2a..941fc5ba676 100644
--- a/2014/3xxx/CVE-2014-3866.json
+++ b/2014/3xxx/CVE-2014-3866.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.openflare.org/advisories/OF-2014-11/usercake_csrf.txt", - "refsource" : "MISC", - "url" : "http://research.openflare.org/advisories/OF-2014-11/usercake_csrf.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the 
passwordc parameter or (2) administrative e-mail address via the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://research.openflare.org/advisories/OF-2014-11/usercake_csrf.txt", + "refsource": "MISC", + "url": "http://research.openflare.org/advisories/OF-2014-11/usercake_csrf.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7009.json b/2014/7xxx/CVE-2014-7009.json index a701468ade2..24c534a23e1 100644 --- a/2014/7xxx/CVE-2014-7009.json +++ b/2014/7xxx/CVE-2014-7009.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HKBN My Account (aka com.hkbn.myaccount) application @7F070015 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#741425", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/741425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HKBN My Account (aka com.hkbn.myaccount) 
application @7F070015 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#741425", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/741425" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7171.json b/2014/7xxx/CVE-2014-7171.json index 0eb62f09388..a8ea26a7cb3 100644 --- a/2014/7xxx/CVE-2014-7171.json +++ b/2014/7xxx/CVE-2014-7171.json 
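Review bot: `problemtype` stays `"value": "n/a"` on the new side even though the description states the weakness precisely: the application does not verify X.509 certificates from SSL servers. That appears to correspond to CWE-295 (Improper Certificate Validation), so the entry could read `"value": "CWE-295"`, which lets consumers group and prioritise records by weakness class instead of parsing free text. The same applies to the CVE-2014-7362 section further down, whose description uses the same wording.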
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-7171",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-7171",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/7xxx/CVE-2014-7306.json b/2014/7xxx/CVE-2014-7306.json
index 27dad8e5429..93b62b7d822 100644
--- a/2014/7xxx/CVE-2014-7306.json
+++ b/2014/7xxx/CVE-2014-7306.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-7306",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-7306",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/7xxx/CVE-2014-7362.json b/2014/7xxx/CVE-2014-7362.json
index c9a0b44b25e..6265e83834e 100644
--- a/2014/7xxx/CVE-2014-7362.json
+++ b/2014/7xxx/CVE-2014-7362.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#388633", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/388633" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Naranjas Con Tocados (aka 
com.NaranjasConTocados.com) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#388633", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/388633" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7427.json b/2014/7xxx/CVE-2014-7427.json index 6ebd0906699..de18a7a8941 100644 --- a/2014/7xxx/CVE-2014-7427.json +++ b/2014/7xxx/CVE-2014-7427.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) application 0.75.13441.88885 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#853449", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/853449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hunting Trophy 
Whitetails (aka com.wHuntingTrophyWhitetails) application 0.75.13441.88885 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#853449", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/853449" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8427.json b/2014/8xxx/CVE-2014-8427.json index 699c678adc4..f0124f9bc77 100644 --- a/2014/8xxx/CVE-2014-8427.json +++ b/2014/8xxx/CVE-2014-8427.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8427", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8427", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8510.json b/2014/8xxx/CVE-2014-8510.json index d3b35054e95..1a81ea3218e 100644 --- a/2014/8xxx/CVE-2014-8510.json +++ b/2014/8xxx/CVE-2014-8510.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-373/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-373/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-373/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-373/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8608.json b/2014/8xxx/CVE-2014-8608.json index 2c0385c7d5c..70c56cfe054 100644 --- a/2014/8xxx/CVE-2014-8608.json +++ b/2014/8xxx/CVE-2014-8608.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing \"crashme$$\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141210 CVE-2014-8608 - Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys]", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/45" - }, - { - "name" : "http://packetstormsecurity.com/files/129470/K7-Computing-Multiple-Products-Null-Pointer-Dereference.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129470/K7-Computing-Multiple-Products-Null-Pointer-Dereference.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8608/", - "refsource" : "MISC", - "url" : 
"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8608/" - }, - { - "name" : "71615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing \"crashme$$\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8608/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8608/" + }, + { + "name": "http://packetstormsecurity.com/files/129470/K7-Computing-Multiple-Products-Null-Pointer-Dereference.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129470/K7-Computing-Multiple-Products-Null-Pointer-Dereference.html" + }, + { + "name": "71615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71615" + }, + { + "name": "20141210 CVE-2014-8608 - Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys]", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/45" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8652.json b/2014/8xxx/CVE-2014-8652.json index 7a3921be7ba..75060baa47b 100644 --- a/2014/8xxx/CVE-2014-8652.json +++ b/2014/8xxx/CVE-2014-8652.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140715 Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC.", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/69" - }, - { - "name" : "http://firebitsbr.wordpress.com/2014/07/16/vsla-security-advisory-fire-scada-dos-2013-001-http-dos-requests-flooding-crash-device-vulnerabilities-elipse-e3-scada-plc/", - "refsource" : "MISC", - "url" : "http://firebitsbr.wordpress.com/2014/07/16/vsla-security-advisory-fire-scada-dos-2013-001-http-dos-requests-flooding-crash-device-vulnerabilities-elipse-e3-scada-plc/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140715 Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC.", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/69" + }, + { + "name": "http://firebitsbr.wordpress.com/2014/07/16/vsla-security-advisory-fire-scada-dos-2013-001-http-dos-requests-flooding-crash-device-vulnerabilities-elipse-e3-scada-plc/", + "refsource": "MISC", + "url": "http://firebitsbr.wordpress.com/2014/07/16/vsla-security-advisory-fire-scada-dos-2013-001-http-dos-requests-flooding-crash-device-vulnerabilities-elipse-e3-scada-plc/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9181.json b/2014/9xxx/CVE-2014-9181.json index de89e540410..acb20d9b263 100644 --- a/2014/9xxx/CVE-2014-9181.json +++ b/2014/9xxx/CVE-2014-9181.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140228 SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531290" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt" - }, - { - "name" : 
"https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250", - "refsource" : "CONFIRM", - "url" : "https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt" + }, + { + "name": "20140228 SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531290" + }, + { + "name": "https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250", + "refsource": "CONFIRM", + "url": "https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9219.json b/2014/9xxx/CVE-2014-9219.json index e97a97a20c3..b63b474506f 100644 --- a/2014/9xxx/CVE-2014-9219.json +++ b/2014/9xxx/CVE-2014-9219.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2" - }, - { - "name" : "MDVSA-2014:243", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:243" - }, - { - "name" : "phpmyadmin-cve20149219-xss(99137)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99137" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php" + }, + { + "name": "MDVSA-2014:243", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:243" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2" + }, + { + "name": "phpmyadmin-cve20149219-xss(99137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99137" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9804.json b/2014/9xxx/CVE-2014-9804.json index cf99d13a47f..0ee448bfcaf 100644 --- a/2014/9xxx/CVE-2014-9804.json +++ b/2014/9xxx/CVE-2014-9804.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to \"too many object.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=c504b8e1a1ca6f158f2d08bd33c62ce4865497ee", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=c504b8e1a1ca6f158f2d08bd33c62ce4865497ee" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343459", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1343459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to \"too many object.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343459", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343459" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=c504b8e1a1ca6f158f2d08bd33c62ce4865497ee", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=c504b8e1a1ca6f158f2d08bd33c62ce4865497ee" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9854.json b/2014/9xxx/CVE-2014-9854.json index 6b1f6226c34..c9be872c3d4 100644 --- a/2014/9xxx/CVE-2014-9854.json +++ b/2014/9xxx/CVE-2014-9854.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the \"identification of image.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b", - "refsource" : "CONFIRM", - "url" : "http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed" - }, - { - 
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343514", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343514" - }, - { - "name" : "SUSE-SU-2016:1782", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2016:1784", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" - }, - { - "name" : "USN-3131-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3131-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the \"identification of image.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed" + }, + { + "name": "SUSE-SU-2016:1782", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "openSUSE-SU-2016:1748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" + }, + { + "name": "SUSE-SU-2016:1784", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343514", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343514" + }, + { + "name": "USN-3131-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3131-1" + }, + { + "name": "http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b", + "refsource": "CONFIRM", + "url": "http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2064.json b/2016/2xxx/CVE-2016-2064.json index b58d7624024..3c8ef33a108 100644 --- a/2016/2xxx/CVE-2016-2064.json +++ b/2016/2xxx/CVE-2016-2064.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88", - "refsource" : "CONFIRM", - "url" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88" - }, - { - "name" : "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve", - "refsource" : "CONFIRM", - "url" : 
"https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve" - }, - { - "name" : "92375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve" + }, + { + "name": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88", + "refsource": "CONFIRM", + "url": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88" + }, + { + "name": "92375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92375" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2163.json b/2016/2xxx/CVE-2016-2163.json index 4bb71e66fa7..7fc50c8dc71 100644 --- a/2016/2xxx/CVE-2016-2163.json +++ b/2016/2xxx/CVE-2016-2163.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160325 [CVE-2016-2163] Stored Cross Site Scripting in Event description", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537888/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html" - }, - { - "name" : "http://openmeetings.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://openmeetings.apache.org/security.html" - }, - { - "name" : "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG", - "refsource" : "CONFIRM", - "url" : 
"https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG", + "refsource": "CONFIRM", + "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" + }, + { + "name": "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html" + }, + { + "name": "http://openmeetings.apache.org/security.html", + "refsource": "CONFIRM", + "url": "http://openmeetings.apache.org/security.html" + }, + { + "name": "20160325 [CVE-2016-2163] Stored Cross Site Scripting in Event description", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537888/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2590.json b/2016/2xxx/CVE-2016-2590.json index cfe00d4e6ec..584c23ac572 100644 --- a/2016/2xxx/CVE-2016-2590.json +++ b/2016/2xxx/CVE-2016-2590.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-2590",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-2590",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6036.json b/2016/6xxx/CVE-2016-6036.json
index b2cf49b8ed3..4a1597a6081 100644
--- a/2016/6xxx/CVE-2016-6036.json
+++ b/2016/6xxx/CVE-2016-6036.json
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.1.6" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.1.6" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22000784", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22000784" - }, - { - "name" : "97172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97172" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22000784", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22000784" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6271.json b/2016/6xxx/CVE-2016-6271.json index 2cb144fe677..7d0488f19dd 100644 --- a/2016/6xxx/CVE-2016-6271.json +++ b/2016/6xxx/CVE-2016-6271.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gteissier/CVE-2016-6271", - "refsource" : "MISC", - "url" : "https://github.com/gteissier/CVE-2016-6271" - }, - { - "name" : "https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b", - "refsource" : "CONFIRM", - "url" : "https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b" - }, - { - "name" : "95928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to 
conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95928" + }, + { + "name": "https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b", + "refsource": "CONFIRM", + "url": "https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b" + }, + { + "name": "https://github.com/gteissier/CVE-2016-6271", + "refsource": "MISC", + "url": "https://github.com/gteissier/CVE-2016-6271" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6859.json b/2016/6xxx/CVE-2016-6859.json index ef9e59fb664..a02ad14b177 100644 --- a/2016/6xxx/CVE-2016-6859.json +++ b/2016/6xxx/CVE-2016-6859.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-6859_SAP-Hybris_InformationDisclosure.txt", - "refsource" : "MISC", - "url" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-6859_SAP-Hybris_InformationDisclosure.txt" - }, - { - "name" : "93959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-6859_SAP-Hybris_InformationDisclosure.txt", + "refsource": "MISC", + "url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-6859_SAP-Hybris_InformationDisclosure.txt" + }, + { + "name": "93959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93959" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6868.json b/2016/6xxx/CVE-2016-6868.json index 2f4679a6583..f7e435c9e28 100644 --- a/2016/6xxx/CVE-2016-6868.json +++ b/2016/6xxx/CVE-2016-6868.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6868", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6868", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6878.json b/2016/6xxx/CVE-2016-6878.json index c1443ea6701..430f626ae84 100644 --- a/2016/6xxx/CVE-2016-6878.json 
+++ b/2016/6xxx/CVE-2016-6878.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://botan.randombit.net/security.html#id2", - "refsource" : "CONFIRM", - "url" : "https://botan.randombit.net/security.html#id2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://botan.randombit.net/security.html#id2", + "refsource": "CONFIRM", + "url": "https://botan.randombit.net/security.html#id2" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7384.json b/2016/7xxx/CVE-2016-7384.json index db790450a1c..5943c5c279e 100644 --- a/2016/7xxx/CVE-2016-7384.json +++ b/2016/7xxx/CVE-2016-7384.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-7384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, and GeForce (all versions)", - "version" : { - "version_data" : [ - { - "version_value" : "Quadro, NVS, and GeForce (all versions)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-7384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, and GeForce (all versions)", + "version": { + "version_data": [ + { + "version_value": "Quadro, NVS, and GeForce (all versions)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40655/" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" - }, - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-10822", - "refsource" : "CONFIRM", - "url" : 
"https://support.lenovo.com/us/en/solutions/LEN-10822" - }, - { - "name" : "93983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-10822", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-10822" + }, + { + "name": "40655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40655/" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" + }, + { + "name": "93983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93983" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7798.json b/2016/7xxx/CVE-2016-7798.json index 10a095c6dde..c3d0608d579 100644 --- a/2016/7xxx/CVE-2016-7798.json +++ b/2016/7xxx/CVE-2016-7798.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160919 CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/19/9" - }, - { - "name" : "[oss-security] 20160930 Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/01/2" - }, - { - "name" : "[oss-security] 20160930 Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/30/6" - }, - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", - "refsource" : 
"MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" - }, - { - "name" : "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062", - "refsource" : "CONFIRM", - "url" : "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062" - }, - { - "name" : "https://github.com/ruby/openssl/issues/49", - "refsource" : "CONFIRM", - "url" : "https://github.com/ruby/openssl/issues/49" - }, - { - "name" : "DSA-3966", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3966" - }, - { - "name" : "93031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160930 Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/30/6" + }, + { + "name": "DSA-3966", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3966" + }, + { + "name": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062", + "refsource": "CONFIRM", + "url": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062" + }, + { + "name": "[oss-security] 20160930 Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/01/2" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" + }, + { + "name": "[oss-security] 20160919 CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/19/9" + }, + { + "name": "93031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93031" + }, + { + "name": "https://github.com/ruby/openssl/issues/49", + "refsource": "CONFIRM", + "url": "https://github.com/ruby/openssl/issues/49" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5559.json b/2017/5xxx/CVE-2017-5559.json index e23616f7661..038bfcceff7 100644 --- a/2017/5xxx/CVE-2017-5559.json +++ b/2017/5xxx/CVE-2017-5559.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5559",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5559",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5616.json b/2017/5xxx/CVE-2017-5616.json
index 76ff79c31ff..e3a134f13d2 100644
--- a/2017/5xxx/CVE-2017-5616.json
+++ b/2017/5xxx/CVE-2017-5616.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/28/8" - }, - { - "name" : "https://news.cpanel.com/tsr-2017-0001-full-disclosure/", - "refsource" : "MISC", - "url" : "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" - }, - { - "name" : "95870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95870" + }, + { + "name": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/", + "refsource": "MISC", + "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" + }, + { + "name": "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/28/8" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5852.json b/2017/5xxx/CVE-2017-5852.json index f511ab94116..c57d27bcab8 100644 --- a/2017/5xxx/CVE-2017-5852.json +++ b/2017/5xxx/CVE-2017-5852.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5852",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5852",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170201 podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp)",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/12"
- },
- {
- "name" : "[oss-security] 20170202 Re: podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp)",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/10"
- },
- {
- "name" : "https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/",
- "refsource" : "MISC",
- "url" : "https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/"
- },
- {
- "name" : "97032",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97032"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/",
+ "refsource": "MISC",
+ "url": "https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/"
+ },
+ {
+ "name": "[oss-security] 20170201 podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp)",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/02/01/12"
+ },
+ {
+ "name": "97032",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97032"
+ },
+ {
+ "name": "[oss-security] 20170202 Re: podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp)",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/02/02/10"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5997.json b/2017/5xxx/CVE-2017-5997.json
index c6999631de2..3269c8dab47 100644
--- a/2017/5xxx/CVE-2017-5997.json
+++ b/2017/5xxx/CVE-2017-5997.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5997",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5997",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/",
- "refsource" : "MISC",
- "url" : "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/",
+ "refsource": "MISC",
+ "url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
+ }
+ ]
+ }
+}
\ No newline at end of file