diff --git a/2006/0xxx/CVE-2006-0004.json b/2006/0xxx/CVE-2006-0004.json index af00f98d792..83194c3d4bf 100644 --- a/2006/0xxx/CVE-2006-0004.json +++ b/2006/0xxx/CVE-2006-0004.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-010" - }, - { - "name" : "VU#963628", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/963628" - }, - { - "name" : "16634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16634" - }, - { - "name" : "ADV-2006-0579", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0579" - }, - { - "name" : "oval:org.mitre.oval:def:1555", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1555" - }, - { - "name" : "1015632", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015632" - }, - { - "name" : "18865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18865" - }, - { - "name" : "powerpoint-tiff-information-disclosure(24490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#963628", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/963628" + }, + { + "name": "18865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18865" + }, + { + "name": "16634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16634" + }, + { + "name": "powerpoint-tiff-information-disclosure(24490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24490" + }, + { + "name": "oval:org.mitre.oval:def:1555", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1555" + }, + { + "name": "MS06-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-010" + }, + { + "name": "1015632", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015632" + }, + { + "name": "ADV-2006-0579", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0579" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0246.json b/2006/0xxx/CVE-2006-0246.json index abb173ca520..800128184c5 100644 --- a/2006/0xxx/CVE-2006-0246.json +++ b/2006/0xxx/CVE-2006-0246.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/22/22462-widexl.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22462-widexl.txt" - }, - { - "name" : "16265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16265" - }, - { - "name" : "ADV-2006-0213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0213" - }, - { - "name" : "22462", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22462" - }, - { - "name" : "18472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18472" - }, - { - "name" : "downloadtracker-down-xss(24161)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "downloadtracker-down-xss(24161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24161" + }, + { + "name": "22462", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22462" + }, + { + "name": "ADV-2006-0213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0213" + }, + { + "name": "http://osvdb.org/ref/22/22462-widexl.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22462-widexl.txt" + }, + { + "name": "18472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18472" + }, + { + "name": "16265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16265" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1062.json b/2006/1xxx/CVE-2006-1062.json index ee46897fc87..ee0edfdbcb8 100644 --- a/2006/1xxx/CVE-2006-1062.json +++ b/2006/1xxx/CVE-2006-1062.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Lurker-users] 20060302 Serious security vulnerabilities found", - "refsource" : "MLIST", - "url" : "http://terpstra.ca/lurker/message/20060302.130003.4c5c2680.en.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=399034&group_id=8168", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=399034&group_id=8168" - }, - { - "name" : "DSA-999", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-999" - }, - { - "name" : "17003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17003" - }, - { - "name" : "ADV-2006-0850", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0850" - }, - { - "name" : "23694", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23694" - }, - { - "name" : "19136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19136" - }, - { - "name" : "19145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19145" - }, - { - "name" : "lurker-lurker-information-disclosure(25149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=399034&group_id=8168", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=399034&group_id=8168" + }, + { + "name": "23694", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23694" + }, + { + "name": "19145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19145" + }, + { + "name": "DSA-999", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-999" + }, + { + "name": "17003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17003" + }, + { + "name": "ADV-2006-0850", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0850" + }, + { + "name": "[Lurker-users] 20060302 Serious security vulnerabilities found", + "refsource": "MLIST", + "url": "http://terpstra.ca/lurker/message/20060302.130003.4c5c2680.en.html" + }, + { + "name": "lurker-lurker-information-disclosure(25149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25149" + }, + { + "name": "19136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19136" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3362.json b/2006/3xxx/CVE-2006-3362.json index e050e6d6e8a..e76cb1f020c 100644 --- a/2006/3xxx/CVE-2006-3362.json +++ b/2006/3xxx/CVE-2006-3362.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060717 ToendaCMS <= 1.0.0 arbitrary file upload", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440423/100/0/threaded" - }, - { - "name" : "1964", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1964" - }, - { - "name" : "2035", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2035" - }, - { - "name" : "6344", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6344" - }, - { - "name" : "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html" - }, - { - "name" : "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager", - "refsource" : "CONFIRM", - "url" : "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager" - }, - { - "name" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr4", - "refsource" : "CONFIRM", - "url" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr4" - }, - { - "name" : "18767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18767" - }, - { - "name" : "19072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19072" - }, - { - "name" : "30950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30950" - }, - { - "name" : "ADV-2006-2611", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2611" - }, - { - "name" : "ADV-2006-2868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2868" - }, - { - "name" : "20886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20886" - }, - { - "name" : "21117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21117" - }, - { - "name" : "geeklog-multiple-scripts-file-include(27469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469" - }, - { - "name" : "geeklog-connector-file-upload(27494)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494" - }, - { - "name" : "toendacms-connector-file-upload(27799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19072" + }, + { + "name": "18767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18767" + }, + { + "name": "30950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30950" + }, + { + "name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4", + "refsource": "CONFIRM", + "url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4" + }, + { + "name": "geeklog-multiple-scripts-file-include(27469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469" + }, + { + "name": "toendacms-connector-file-upload(27799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799" + }, + { + "name": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager", + "refsource": "CONFIRM", + "url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager" + }, + { + "name": "ADV-2006-2868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2868" + }, + { + "name": "6344", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6344" + }, + { + "name": "2035", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2035" + }, + { + "name": "1964", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1964" + }, + { + "name": "20886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20886" + }, + { + "name": "geeklog-connector-file-upload(27494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494" + }, + { + "name": "20060717 ToendaCMS <= 1.0.0 arbitrary file upload", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded" + }, + { + "name": "21117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21117" + }, + { + "name": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html" + }, + { + "name": "ADV-2006-2611", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2611" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3700.json b/2006/3xxx/CVE-2006-3700.json index 0b3126a15ca..71cb96d7e1b 100644 --- a/2006/3xxx/CVE-2006-3700.json +++ b/2006/3xxx/CVE-2006-3700.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3713.json b/2006/3xxx/CVE-2006-3713.json index 21d3e27cea4..7e8faf3b161 100644 --- a/2006/3xxx/CVE-2006-3713.json +++ b/2006/3xxx/CVE-2006-3713.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3726.json b/2006/3xxx/CVE-2006-3726.json index d6bb31c144b..60f4dec0236 100644 --- a/2006/3xxx/CVE-2006-3726.json +++ b/2006/3xxx/CVE-2006-3726.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt", - "refsource" : "MISC", - "url" : "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt" - }, - { - "name" : "19065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19065" - }, - { - "name" : "ADV-2006-2870", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2870" - }, - { - "name" : "27389", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27389" - }, - { - "name" : "21108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21108" - }, - { - "name" : "filecopa-list-bo(27817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "filecopa-list-bo(27817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817" + }, + { + "name": "21108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21108" + }, + { + "name": "27389", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27389" + }, + { + "name": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt", + "refsource": "MISC", + "url": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt" + }, + { + "name": "ADV-2006-2870", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2870" + }, + { + "name": "19065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19065" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3871.json b/2006/3xxx/CVE-2006-3871.json index f60c544c835..ce4c9c087ae 100644 --- a/2006/3xxx/CVE-2006-3871.json +++ b/2006/3xxx/CVE-2006-3871.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3871", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-3871", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4489.json b/2006/4xxx/CVE-2006-4489.json index 3d121863ba2..168b54db19f 100644 --- a/2006/4xxx/CVE-2006-4489.json +++ b/2006/4xxx/CVE-2006-4489.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2272", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2272" - }, - { - "name" : "http://www.ultrize.com/minibill/index.php", - "refsource" : "CONFIRM", - "url" : "http://www.ultrize.com/minibill/index.php" - }, - { - "name" : "http://www.ultrize.com/minibill/index.php?page=changelog", - "refsource" : "CONFIRM", - "url" : "http://www.ultrize.com/minibill/index.php?page=changelog" - }, - { - "name" : "20061108 MiniBill 2 RFI ack", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-November/001115.html" - }, - { - "name" : "19568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19568" - }, - { - "name" : "ADV-2006-3413", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3413" - }, - { - "name" : "28258", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28258" - }, - { - "name" : "28259", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28259" - }, - { - "name" : "1016769", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016769" - }, - { - "name" : "21688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21688" - }, - { - "name" : "minibill-ipn-file-include(28625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19568" + }, + { + "name": "28258", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28258" + }, + { + "name": "2272", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2272" + }, + { + "name": "http://www.ultrize.com/minibill/index.php", + "refsource": "CONFIRM", + "url": "http://www.ultrize.com/minibill/index.php" + }, + { + "name": "minibill-ipn-file-include(28625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28625" + }, + { + "name": "21688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21688" + }, + { + "name": "28259", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28259" + }, + { + "name": "ADV-2006-3413", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3413" + }, + { + "name": "http://www.ultrize.com/minibill/index.php?page=changelog", + "refsource": "CONFIRM", + "url": "http://www.ultrize.com/minibill/index.php?page=changelog" + }, + { + "name": "20061108 MiniBill 2 RFI ack", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-November/001115.html" + }, + { + "name": "1016769", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016769" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4669.json b/2006/4xxx/CVE-2006-4669.json index ca0dbede36b..3e4f8142637 100644 --- a/2006/4xxx/CVE-2006-4669.json +++ b/2006/4xxx/CVE-2006-4669.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2329", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2329" - }, - { - "name" : "19912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19912" - }, - { - "name" : "ADV-2006-3516", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3516" - }, - { - "name" : "21825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21825" - }, - { - "name" : "somery-include-file-include(28816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3516", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3516" + }, + { + "name": "2329", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2329" + }, + { + "name": "21825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21825" + }, + { + "name": "19912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19912" + }, + { + "name": "somery-include-file-include(28816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28816" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4713.json b/2006/4xxx/CVE-2006-4713.json index 02083457ef6..5dd8c79e71b 100644 --- a/2006/4xxx/CVE-2006-4713.json +++ b/2006/4xxx/CVE-2006-4713.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060910 PUMA 1.0 RC 2 (config.php) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445723/100/0/threaded" - }, - { - "name" : "http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R%20FI.htm", - "refsource" : "MISC", - "url" : "http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R%20FI.htm" - }, - { - "name" : "2340", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2340" - }, - { - "name" : "19940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19940" - }, - { - "name" : "ADV-2006-3545", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3545" - }, - { - "name" : "1557", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1557" - }, - { - "name" : "puma-config-file-include(28837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R%20FI.htm", + "refsource": "MISC", + "url": "http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R%20FI.htm" + }, + { + "name": "19940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19940" + }, + { + "name": "1557", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1557" + }, + { + "name": "2340", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2340" + }, + { + "name": "puma-config-file-include(28837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28837" + }, + { + "name": "ADV-2006-3545", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3545" + }, + { + "name": "20060910 PUMA 1.0 RC 2 (config.php) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445723/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7024.json b/2006/7xxx/CVE-2006-7024.json index 682e3d17905..9fa7e85fcc0 100644 --- a/2006/7xxx/CVE-2006-7024.json +++ b/2006/7xxx/CVE-2006-7024.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1943", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1943" - }, - { - "name" : "18614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18614" - }, - { - "name" : "harpia-multiple-scripts-file-include(27308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "harpia-multiple-scripts-file-include(27308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27308" + }, + { + "name": "1943", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1943" + }, + { + "name": "18614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18614" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2027.json b/2010/2xxx/CVE-2010-2027.json index dbbe5bda7cd..f76a1afc976 100644 --- a/2010/2xxx/CVE-2010-2027.json +++ b/2010/2xxx/CVE-2010-2027.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100514 Mathematica on Linux /tmp/MathLink vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511298/100/0/threaded" - }, - { - "name" : "20100514 Mathematica on Linux /tmp/MathLink vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=127380255201760&w=2" - }, - { - "name" : "39805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39805" + }, + { + "name": "20100514 Mathematica on Linux /tmp/MathLink vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511298/100/0/threaded" + }, + { + "name": "20100514 Mathematica on Linux /tmp/MathLink vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=127380255201760&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2100.json b/2010/2xxx/CVE-2010-2100.json index 3de60d6fde2..2e429bd21bc 100644 --- a/2010/2xxx/CVE-2010-2100.json +++ b/2010/2xxx/CVE-2010-2100.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html" - }, - { - "name" : "http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html" - }, - { - "name" : "http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html" - }, - { - "name" : "http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html" - }, - { - "name" : "http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html" - }, - { - "name" : "HPSBOV02763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SSRT100826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBOV02763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html" + }, + { + "name": "http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html" + }, + { + "name": "SSRT100826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html" + }, + { + "name": "http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html" + }, + { + "name": "http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2538.json b/2010/2xxx/CVE-2010-2538.json index 0fcf5c0ee5f..89b09735dee 100644 --- a/2010/2xxx/CVE-2010-2538.json +++ b/2010/2xxx/CVE-2010-2538.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100721 CVE request: kernel: btrfs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/21/4" - }, - { - "name" : "[oss-security] 20100721 Re: CVE request: kernel: btrfs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/21/10" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=616998", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=616998" - }, - { - "name" : "SUSE-SA:2010:040", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" - }, - { - "name" : "USN-1041-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1041-1" - }, - { - "name" : "41854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41854" - }, - { - "name" : "42758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42758" - }, - { - "name" : "ADV-2011-0070", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41854" + }, + { + "name": "USN-1041-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1041-1" + }, + { + "name": "[oss-security] 20100721 Re: CVE request: kernel: btrfs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/21/10" + }, + { + "name": "SUSE-SA:2010:040", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35" + }, + { + "name": "42758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42758" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=616998", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=616998" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5" + }, + { + "name": "ADV-2011-0070", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0070" + }, + { + "name": "[oss-security] 20100721 CVE request: kernel: btrfs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/21/4" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3044.json b/2010/3xxx/CVE-2010-3044.json index 96d7d74e214..9725e0d7aca 100644 --- a/2010/3xxx/CVE-2010-3044.json +++ b/2010/3xxx/CVE-2010-3044.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortiguard.com/advisory/FGA-2011-03.html", - "refsource" : "MISC", - "url" : "http://www.fortiguard.com/advisory/FGA-2011-03.html" - }, - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016" - }, - { - "name" : "20110201 Multiple Cisco WebEx Player Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml" - }, - { - "name" : "46075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46075" - }, - { - "name" : "1025016", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025016" - }, - { - "name" : "cisco-wrf-arf-bo(65075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-wrf-arf-bo(65075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075" + }, + { + "name": "20110201 Multiple Cisco WebEx Player Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml" + }, + { + "name": "http://www.fortiguard.com/advisory/FGA-2011-03.html", + "refsource": "MISC", + "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016" + }, + { + "name": "46075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46075" + }, + { + "name": "1025016", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025016" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3587.json b/2010/3xxx/CVE-2010-3587.json index 7a7d910747a..08067a71ad6 100644 --- a/2010/3xxx/CVE-2010-3587.json +++ b/2010/3xxx/CVE-2010-3587.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45870" - }, - { - "name" : "42922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42922" - }, - { - "name" : "ADV-2011-0144", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0144" - }, - { - "name" : "oracle-ebusiness-common-unauth-access(64780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42922" + }, + { + "name": "oracle-ebusiness-common-unauth-access(64780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64780" + }, + { + "name": "ADV-2011-0144", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0144" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "45870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45870" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3696.json b/2010/3xxx/CVE-2010-3696.json index 16fdf74a505..115d2237f1f 100644 --- a/2010/3xxx/CVE-2010-3696.json +++ b/2010/3xxx/CVE-2010-3696.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101001 CVE request: freeradius", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/01/3" - }, - { - "name" : "[oss-security] 20101001 Re: CVE request: freeradius", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/01/8" - }, - { - "name" : "http://freeradius.org/press/index.html#2.1.10", - "refsource" : "CONFIRM", - "url" : "http://freeradius.org/press/index.html#2.1.10" - }, - { - "name" : "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279", - "refsource" : "CONFIRM", - "url" : "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279" - }, - { - "name" : "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77", - "refsource" : "CONFIRM", - "url" : "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639390", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639390" - }, - { - "name" : "41621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279", + "refsource": "CONFIRM", + "url": "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279" + }, + { + "name": "41621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41621" + }, + { + "name": "[oss-security] 20101001 CVE request: freeradius", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/01/3" + }, + { + "name": "http://freeradius.org/press/index.html#2.1.10", + "refsource": "CONFIRM", + "url": "http://freeradius.org/press/index.html#2.1.10" + }, + { + "name": "[oss-security] 20101001 Re: CVE request: freeradius", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/01/8" + }, + { + "name": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77", + "refsource": "CONFIRM", + "url": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639390", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639390" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3721.json b/2010/3xxx/CVE-2010-3721.json index af6e7fb6745..7a074595689 100644 --- a/2010/3xxx/CVE-2010-3721.json +++ b/2010/3xxx/CVE-2010-3721.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3721", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3721", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0473.json b/2011/0xxx/CVE-2011-0473.json index 459ae452462..a0ba2100ebf 100644 --- a/2011/0xxx/CVE-2011-0473.json +++ b/2011/0xxx/CVE-2011-0473.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=66560", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=66560" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" - }, - { - "name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", - "refsource" : "CONFIRM", - "url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" - }, - { - "name" : "45788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45788" - }, - { - "name" : "70456", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70456" - }, - { - "name" : "oval:org.mitre.oval:def:14460", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14460" - }, - { - "name" : "42951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42951" - }, - { - "name" : "chrome-css-canvas-unspecified(64664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" + }, + { + "name": "45788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45788" + }, + { + "name": "chrome-css-canvas-unspecified(64664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64664" + }, + { + "name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", + "refsource": "CONFIRM", + "url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" + }, + { + "name": "70456", + "refsource": "OSVDB", + "url": "http://osvdb.org/70456" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=66560", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=66560" + }, + { + "name": "oval:org.mitre.oval:def:14460", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14460" + }, + { + "name": "42951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42951" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1005.json b/2011/1xxx/CVE-2011-1005.json index 01bc98a7042..7c14931aee1 100644 --- a/2011/1xxx/CVE-2011-1005.json +++ b/2011/1xxx/CVE-2011-1005.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/21/2" - }, - { - "name" : "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/21/5" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678920", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678920" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "FEDORA-2011-1876", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html" - }, - { - "name" : "FEDORA-2011-1913", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html" - }, - { - "name" : "MDVSA-2011:097", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097" - }, - { - "name" : "MDVSA-2011:098", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098" - }, - { - "name" : "RHSA-2011:0908", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0908.html" - }, - { - "name" : "RHSA-2011:0909", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0909.html" - }, - { - "name" : "RHSA-2011:0910", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0910.html" - }, - { - "name" : "46458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46458" - }, - { - "name" : "70957", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70957" - }, - { - "name" : "43420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43420" - }, - { - "name" : "43573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43573" - }, - { - "name" : "ADV-2011-0539", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0910", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0910.html" + }, + { + "name": "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/21/5" + }, + { + "name": "MDVSA-2011:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098" + }, + { + "name": "ADV-2011-0539", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0539" + }, + { + "name": "RHSA-2011:0909", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0909.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678920", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678920" + }, + { + "name": "43573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43573" + }, + { + "name": "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/21/2" + }, + { + "name": "RHSA-2011:0908", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0908.html" + }, + { + "name": "70957", + "refsource": "OSVDB", + "url": "http://osvdb.org/70957" + }, + { + "name": "FEDORA-2011-1876", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html" + }, + { + "name": "FEDORA-2011-1913", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html" + }, + { + "name": "46458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46458" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "MDVSA-2011:097", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "43420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43420" + }, + { + "name": "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1014.json b/2011/1xxx/CVE-2011-1014.json index f577d02c5ab..988483ab9e0 100644 --- a/2011/1xxx/CVE-2011-1014.json +++ b/2011/1xxx/CVE-2011-1014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1014", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0465. Reason: This candidate is a reservation duplicate of CVE-2011-0465. Notes: All CVE users should reference CVE-2011-0465 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-1014", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0465. Reason: This candidate is a reservation duplicate of CVE-2011-0465. Notes: All CVE users should reference CVE-2011-0465 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1343.json b/2011/1xxx/CVE-2011-1343.json index 0a58981caea..699d2edcfbf 100644 --- a/2011/1xxx/CVE-2011-1343.json +++ b/2011/1xxx/CVE-2011-1343.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via \"dynamic SQL parameters.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029093", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029093" - }, - { - "name" : "IZ83269", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IZ83269" - }, - { - "name" : "43577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43577" - }, - { - "name" : "ADV-2011-0550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0550" - }, - { - "name" : "tivoli-netcool-webgui-sql-injection(65767)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via \"dynamic SQL parameters.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tivoli-netcool-webgui-sql-injection(65767)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65767" + }, + { + "name": "ADV-2011-0550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0550" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029093", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029093" + }, + { + "name": "IZ83269", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IZ83269" + }, + { + "name": "43577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43577" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1431.json b/2011/1xxx/CVE-2011-1431.json index 96926b9c129..de0cf2b1cb6 100644 --- a/2011/1xxx/CVE-2011-1431.json +++ b/2011/1xxx/CVE-2011-1431.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110307 Plaintext injection in STARTTLS (multiple implementations)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516901" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q" - }, - { - "name" : "http://www.postfix.org/CVE-2011-0411.html", - "refsource" : "MISC", - "url" : "http://www.postfix.org/CVE-2011-0411.html" - }, - { - "name" : "http://inoa.net/qmail-tls/vu555316.patch", - "refsource" : "CONFIRM", - "url" : "http://inoa.net/qmail-tls/vu555316.patch" - }, - { - "name" : "VU#555316", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/555316" - }, - { - "name" : "46767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46767" - }, - { - "name" : "8144", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8144" - }, - { - "name" : "ADV-2011-0612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0612" - }, - { - "name" : "multiple-starttls-command-execution(65932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-starttls-command-execution(65932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q" + }, + { + "name": "http://inoa.net/qmail-tls/vu555316.patch", + "refsource": "CONFIRM", + "url": "http://inoa.net/qmail-tls/vu555316.patch" + }, + { + "name": "http://www.postfix.org/CVE-2011-0411.html", + "refsource": "MISC", + "url": "http://www.postfix.org/CVE-2011-0411.html" + }, + { + "name": "ADV-2011-0612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0612" + }, + { + "name": "46767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46767" + }, + { + "name": "VU#555316", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/555316" + }, + { + "name": "20110307 Plaintext injection in STARTTLS (multiple implementations)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516901" + }, + { + "name": "8144", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8144" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1920.json b/2011/1xxx/CVE-2011-1920.json index a9e8f4dd4a0..ba9e1393508 100644 --- a/2011/1xxx/CVE-2011-1920.json +++ b/2011/1xxx/CVE-2011-1920.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110516 CVE Request -- pmake -- Use of insecure temporary file for 'depend' target", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/16/2" - }, - { - "name" : "[oss-security] 20110516 Re: CVE Request -- pmake -- Use of insecure temporary file for 'depend' target", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/16/8" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705090", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705090" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705100", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705100" - }, - { - "name" : "47878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47878" - }, - { - "name" : "pmake-depend-symlink(67495)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673" + }, + { + "name": "47878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47878" + }, + { + "name": "[oss-security] 20110516 CVE Request -- pmake -- Use of insecure temporary file for 'depend' target", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/16/2" + }, + { + "name": "[oss-security] 20110516 Re: CVE Request -- pmake -- Use of insecure temporary file for 'depend' target", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/16/8" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=705100", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705100" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=705090", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705090" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h" + }, + { + "name": "pmake-depend-symlink(67495)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3147.json b/2014/3xxx/CVE-2014-3147.json index c209d2c833d..73b52ee32e2 100644 --- a/2014/3xxx/CVE-2014-3147.json +++ b/2014/3xxx/CVE-2014-3147.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAMSH", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAMSH" - }, - { - "name" : "1030800", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1030800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030800", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1030800" + }, + { + "name": "http://www.splunk.com/view/SP-CAAAMSH", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAMSH" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3208.json b/2014/3xxx/CVE-2014-3208.json index ad899097391..f5d573a2fe9 100644 --- a/2014/3xxx/CVE-2014-3208.json +++ b/2014/3xxx/CVE-2014-3208.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3208", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3208", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3326.json b/2014/3xxx/CVE-2014-3326.json index b07480a9830..2771b94c640 100644 --- a/2014/3xxx/CVE-2014-3326.json +++ b/2014/3xxx/CVE-2014-3326.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35029", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35029" - }, - { - "name" : "20140724 Cisco Security Manager SQL Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326" - }, - { - "name" : "68877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68877" - }, - { - "name" : "1030639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030639" - }, - { - "name" : "60455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60455" - }, - { - "name" : "cisco-security-cve20143326-sql-injection(94841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35029", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35029" + }, + { + "name": "60455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60455" + }, + { + "name": "cisco-security-cve20143326-sql-injection(94841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94841" + }, + { + "name": "68877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68877" + }, + { + "name": "1030639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030639" + }, + { + "name": "20140724 Cisco Security Manager SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3505.json b/2014/3xxx/CVE-2014-3505.json index 7025a92bc7f..5731a888b5f 100644 --- a/2014/3xxx/CVE-2014-3505.json +++ b/2014/3xxx/CVE-2014-3505.json @@ -1,317 +1,317 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", - "refsource" : "MLIST", - "url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" - }, - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b" - }, - { - "name" : "https://www.openssl.org/news/secadv_20140806.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20140806.txt" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1053.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1053.html" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" - }, - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1052.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1052.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" - }, - { - "name" : "DSA-2998", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2998" - }, - { - "name" : "FEDORA-2014-9301", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" - }, - { - "name" : "FEDORA-2014-9308", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" - }, - { - "name" : "GLSA-201412-39", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml" - }, - { - "name" : "HPSBOV03099", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141077370928502&w=2" - }, - { - "name" : "HPSBUX03095", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2" - }, - { - "name" : "SSRT101674", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2" - }, - { - "name" : "HPSBHF03293", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "SSRT101846", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "MDVSA-2014:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158" - }, - { - "name" : "NetBSD-SA2014-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" - }, - { - "name" : "RHSA-2014:1256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1256.html" - }, - { - "name" : "RHSA-2014:1297", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1297.html" - }, - { - "name" : "openSUSE-SU-2014:1052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" - }, - { - "name" : "openSUSE-SU-2016:0640", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" - }, - { - "name" : "69081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69081" - }, - { - "name" : "1030693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030693" - }, - { - "name" : "59221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59221" - }, - { - "name" : "60687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60687" - }, - { - "name" : "60824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60824" - }, - { - "name" : "60917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60917" - }, - { - "name" : "60921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60921" - }, - { - "name" : "60938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60938" - }, - { - "name" : "61775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61775" - }, - { - "name" : "61959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61959" - }, - { - "name" : "59756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59756" - }, - { - "name" : "60803", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60803" - }, - { - "name" : "61040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61040" - }, - { - "name" : "61100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61100" - }, - { - "name" : "61250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61250" - }, - { - "name" : "61184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61184" - }, - { - "name" : "59743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59743" - }, - { - "name" : "60778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60778" - }, - { - "name" : "58962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58962" - }, - { - "name" : "59700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59700" - }, - { - "name" : "59710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59710" - }, - { - "name" : "60022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60022" - }, - { - "name" : "60684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60684" - }, - { - "name" : "60221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60221" - }, - { - "name" : "60493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1297", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html" + }, + { + "name": "openSUSE-SU-2014:1052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html" + }, + { + "name": "60221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60221" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" + }, + { + "name": "60778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60778" + }, + { + "name": "61184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61184" + }, + { + "name": "SSRT101846", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "RHSA-2014:1256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html" + }, + { + "name": "60022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60022" + }, + { + "name": "https://www.openssl.org/news/secadv_20140806.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20140806.txt" + }, + { + "name": "61040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61040" + }, + { + "name": "61250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61250" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b" + }, + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" + }, + { + "name": "GLSA-201412-39", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" + }, + { + "name": "HPSBHF03293", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "60803", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60803" + }, + { + "name": "60824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60824" + }, + { + "name": "HPSBUX03095", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2" + }, + { + "name": "59700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59700" + }, + { + "name": "FEDORA-2014-9308", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" + }, + { + "name": "1030693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030693" + }, + { + "name": "59743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59743" + }, + { + "name": "openSUSE-SU-2016:0640", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" + }, + { + "name": "60917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60917" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html" + }, + { + "name": "NetBSD-SA2014-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" + }, + { + "name": "60493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60493" + }, + { + "name": "59710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59710" + }, + { + "name": "60921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60921" + }, + { + "name": "HPSBOV03099", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141077370928502&w=2" + }, + { + "name": "59221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59221" + }, + { + "name": "69081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69081" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" + }, + { + "name": "61100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61100" + }, + { + "name": "61775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61775" + }, + { + "name": "DSA-2998", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2998" + }, + { + "name": "FEDORA-2014-9301", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" + }, + { + "name": "SSRT101674", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2" + }, + { + "name": "61959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61959" + }, + { + "name": "59756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59756" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" + }, + { + "name": "58962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58962" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html" + }, + { + "name": "60938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60938" + }, + { + "name": "60684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60684" + }, + { + "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", + "refsource": "MLIST", + "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" + }, + { + "name": "60687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60687" + }, + { + "name": "MDVSA-2014:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3748.json b/2014/3xxx/CVE-2014-3748.json index 66b5f6f44dc..5dd78d11ddb 100644 --- a/2014/3xxx/CVE-2014-3748.json +++ b/2014/3xxx/CVE-2014-3748.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3748", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3748", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3946.json b/2014/3xxx/CVE-2014-3946.json index e3cc97f0a0e..1b637df6825 100644 --- a/2014/3xxx/CVE-2014-3946.json +++ b/2014/3xxx/CVE-2014-3946.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140603 Re: CVE ID request: typo3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/03/2" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/" - }, - { - "name" : "DSA-2942", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2942", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2942" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/" + }, + { + "name": "[oss-security] 20140603 Re: CVE ID request: typo3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7157.json b/2014/7xxx/CVE-2014-7157.json index 255311ebd07..ca8885391ca 100644 --- a/2014/7xxx/CVE-2014-7157.json +++ b/2014/7xxx/CVE-2014-7157.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140927 XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/108" - }, - { - "name" : "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html" - }, - { - "name" : "70161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70161" - }, - { - "name" : "exindawan-cve20147157-xss(96701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "exindawan-cve20147157-xss(96701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96701" + }, + { + "name": "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html" + }, + { + "name": "70161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70161" + }, + { + "name": "20140927 XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/108" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7332.json b/2014/7xxx/CVE-2014-7332.json index 8a409c7f62f..f632e54b6c9 100644 --- a/2014/7xxx/CVE-2014-7332.json +++ b/2014/7xxx/CVE-2014-7332.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7332", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7332", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7368.json b/2014/7xxx/CVE-2014-7368.json index 368a132d302..56fd3925e37 100644 --- a/2014/7xxx/CVE-2014-7368.json +++ b/2014/7xxx/CVE-2014-7368.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#174881", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/174881" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#174881", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/174881" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7799.json b/2014/7xxx/CVE-2014-7799.json index 01d6f48e795..69c2d52e5e6 100644 --- a/2014/7xxx/CVE-2014-7799.json +++ b/2014/7xxx/CVE-2014-7799.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#671993", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/671993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#671993", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/671993" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7875.json b/2014/7xxx/CVE-2014-7875.json index 889bcc192ba..c10b91c06a4 100644 --- a/2014/7xxx/CVE-2014-7875.json +++ b/2014/7xxx/CVE-2014-7875.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-7875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI03147", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249" - }, - { - "name" : "SSRT101766", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249" - }, - { - "name" : "70863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70863" - }, - { - "name" : "1031153", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031153" - }, - { - "name" : "62005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62005" - }, - { - "name" : "hp-laserjet-cve20147875-dos(98422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI03147", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249" + }, + { + "name": "hp-laserjet-cve20147875-dos(98422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98422" + }, + { + "name": "70863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70863" + }, + { + "name": "1031153", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031153" + }, + { + "name": "SSRT101766", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249" + }, + { + "name": "62005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62005" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8406.json b/2014/8xxx/CVE-2014-8406.json index 45607f1c0ea..28f97c1732b 100644 --- a/2014/8xxx/CVE-2014-8406.json +++ b/2014/8xxx/CVE-2014-8406.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8406", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8406", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8606.json b/2014/8xxx/CVE-2014-8606.json index 65b7db15324..001878479a4 100644 --- a/2014/8xxx/CVE-2014-8606.json +++ b/2014/8xxx/CVE-2014-8606.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/" - }, - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=110", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/" + }, + { + "name": "http://www.vapid.dhs.org/advisory.php?v=110", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=110" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8669.json b/2014/8xxx/CVE-2014-8669.json index e5ddfe3739c..2da5219d5ee 100644 --- a/2014/8xxx/CVE-2014-8669.json +++ b/2014/8xxx/CVE-2014-8669.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "http://service.sap.com/sap/support/notes/0001835691", - "refsource" : "MISC", - "url" : "http://service.sap.com/sap/support/notes/0001835691" - }, - { - "name" : "http://service.sap.com/sap/support/notes/0001872638", - "refsource" : "MISC", - "url" : "http://service.sap.com/sap/support/notes/0001872638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.sap.com/sap/support/notes/0001872638", + "refsource": "MISC", + "url": "http://service.sap.com/sap/support/notes/0001872638" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + }, + { + "name": "http://service.sap.com/sap/support/notes/0001835691", + "refsource": "MISC", + "url": "http://service.sap.com/sap/support/notes/0001835691" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8907.json b/2014/8xxx/CVE-2014-8907.json index 931382ff48f..cb5d1a8e634 100644 --- a/2014/8xxx/CVE-2014-8907.json +++ b/2014/8xxx/CVE-2014-8907.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8907", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8907", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9873.json b/2014/9xxx/CVE-2014-9873.json index 6449fd27918..e1ff7fd0be2 100644 --- a/2014/9xxx/CVE-2014-9873.json +++ b/2014/9xxx/CVE-2014-9873.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2142.json b/2016/2xxx/CVE-2016-2142.json index ebdc395e4d6..09d1f561932 100644 --- a/2016/2xxx/CVE-2016-2142.json +++ b/2016/2xxx/CVE-2016-2142.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2016:1038", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1038", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1038" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2274.json b/2016/2xxx/CVE-2016-2274.json index 685cf99bd4f..bc2b19928f5 100644 --- a/2016/2xxx/CVE-2016-2274.json +++ b/2016/2xxx/CVE-2016-2274.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-2274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adcon Telemetry A850 Telemetry Gateway Base Station", - "version" : { - "version_data" : [ - { - "version_value" : "Adcon Telemetry A850 Telemetry Gateway Base Station" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Adcon Telemetry A850 Telemetry Gateway Base Station XSS" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adcon Telemetry A850 Telemetry Gateway Base Station", + "version": { + "version_data": [ + { + "version_value": "Adcon Telemetry A850 Telemetry Gateway Base Station" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03" - }, - { - "name" : "94781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Adcon Telemetry A850 Telemetry Gateway Base Station XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94781" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2874.json b/2016/2xxx/CVE-2016-2874.json index 47d7097b9ee..db1e8d4fe00 100644 --- a/2016/2xxx/CVE-2016-2874.json +++ b/2016/2xxx/CVE-2016-2874.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987771", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987771" - }, - { - "name" : "95003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987771", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987771" + }, + { + "name": "95003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95003" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6300.json b/2016/6xxx/CVE-2016-6300.json index 0f781ba381e..ff1cfe9c51d 100644 --- a/2016/6xxx/CVE-2016-6300.json +++ b/2016/6xxx/CVE-2016-6300.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6300", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-6300", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6932.json b/2016/6xxx/CVE-2016-6932.json index c48f3566712..cd0d8731ba9 100644 --- a/2016/6xxx/CVE-2016-6932.json +++ b/2016/6xxx/CVE-2016-6932.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6931." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:1865", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html" - }, - { - "name" : "92927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92927" - }, - { - "name" : "1036791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6931." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" + }, + { + "name": "RHSA-2016:1865", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html" + }, + { + "name": "92927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92927" + }, + { + "name": "1036791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036791" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18012.json b/2017/18xxx/CVE-2017-18012.json index 7b5ef6b135a..86462513439 100644 --- a/2017/18xxx/CVE-2017-18012.json +++ b/2017/18xxx/CVE-2017-18012.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html" - }, - { - "name" : "https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt", - "refsource" : "MISC", - "url" : "https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt" - }, - { - "name" : "https://wordpress.org/plugins/z-url-preview/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/z-url-preview/#developers" - }, - { - "name" : "https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/", - "refsource" : "MISC", - "url" : "https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8990", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8990", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8990" + }, + { + "name": "https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt", + "refsource": "MISC", + "url": "https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt" + }, + { + "name": "https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html" + }, + { + "name": "https://wordpress.org/plugins/z-url-preview/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/z-url-preview/#developers" + }, + { + "name": "https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/", + "refsource": "MISC", + "url": "https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5016.json b/2017/5xxx/CVE-2017-5016.json index b6686dfe613..cfbfea956c7 100644 --- a/2017/5xxx/CVE-2017-5016.json +++ b/2017/5xxx/CVE-2017-5016.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/673163", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/673163" - }, - { - "name" : "DSA-3776", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3776" - }, - { - "name" : "GLSA-201701-66", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-66" - }, - { - "name" : "RHSA-2017:0206", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html" - }, - { - "name" : "95792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95792" - }, - { - "name" : "1037718", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95792" + }, + { + "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201701-66", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-66" + }, + { + "name": "RHSA-2017:0206", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html" + }, + { + "name": "https://crbug.com/673163", + "refsource": "CONFIRM", + "url": "https://crbug.com/673163" + }, + { + "name": "1037718", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037718" + }, + { + "name": "DSA-3776", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3776" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5288.json b/2017/5xxx/CVE-2017-5288.json index 0609e5246f3..13500ec0561 100644 --- a/2017/5xxx/CVE-2017-5288.json +++ b/2017/5xxx/CVE-2017-5288.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5288", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5288", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5429.json b/2017/5xxx/CVE-2017-5429.json index 265b6947bec..2eba08da836 100644 --- a/2017/5xxx/CVE-2017-5429.json +++ b/2017/5xxx/CVE-2017-5429.json @@ -1,139 +1,139 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, Firefox ESR 52.1, and Thunderbird 52.1" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "RHSA-2017:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, Firefox ESR 52.1, and Thunderbird 52.1" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "DSA-3831", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "RHSA-2017:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5552.json b/2017/5xxx/CVE-2017-5552.json index 8054b6aefc0..58912281e8f 100644 --- a/2017/5xxx/CVE-2017-5552.json +++ b/2017/5xxx/CVE-2017-5552.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170120 CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/20/17" - }, - { - "name" : "[oss-security] 20170120 Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/21/5" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689" - }, - { - "name" : "GLSA-201702-28", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-28" - }, - { - "name" : "95773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-28", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-28" + }, + { + "name": "95773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95773" + }, + { + "name": "[oss-security] 20170120 Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/21/5" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689" + }, + { + "name": "[oss-security] 20170120 CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/20/17" + } + ] + } +} \ No newline at end of file