From 58f9e24a1a9b9d826eacc730c5dc0247b022aa42 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:24:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0061.json | 34 +-- 2006/0xxx/CVE-2006-0249.json | 180 ++++++++-------- 2006/0xxx/CVE-2006-0508.json | 150 ++++++------- 2006/0xxx/CVE-2006-0700.json | 160 +++++++------- 2006/0xxx/CVE-2006-0740.json | 34 +-- 2006/1xxx/CVE-2006-1760.json | 200 +++++++++--------- 2006/3xxx/CVE-2006-3474.json | 150 ++++++------- 2006/3xxx/CVE-2006-3551.json | 130 ++++++------ 2006/3xxx/CVE-2006-3712.json | 230 ++++++++++---------- 2006/4xxx/CVE-2006-4181.json | 180 ++++++++-------- 2006/4xxx/CVE-2006-4446.json | 220 ++++++++++---------- 2006/4xxx/CVE-2006-4476.json | 150 ++++++------- 2006/4xxx/CVE-2006-4563.json | 170 +++++++-------- 2006/4xxx/CVE-2006-4634.json | 160 +++++++------- 2006/4xxx/CVE-2006-4916.json | 160 +++++++------- 2006/7xxx/CVE-2006-7121.json | 160 +++++++------- 2010/2xxx/CVE-2010-2065.json | 260 +++++++++++------------ 2010/2xxx/CVE-2010-2947.json | 190 ++++++++--------- 2010/3xxx/CVE-2010-3309.json | 34 +-- 2010/3xxx/CVE-2010-3390.json | 34 +-- 2010/3xxx/CVE-2010-3435.json | 300 +++++++++++++------------- 2010/3xxx/CVE-2010-3744.json | 34 +-- 2010/3xxx/CVE-2010-3906.json | 260 +++++++++++------------ 2011/0xxx/CVE-2011-0065.json | 220 ++++++++++---------- 2011/0xxx/CVE-2011-0639.json | 140 ++++++------- 2011/0xxx/CVE-2011-0824.json | 120 +++++------ 2011/1xxx/CVE-2011-1139.json | 370 ++++++++++++++++----------------- 2011/1xxx/CVE-2011-1272.json | 140 ++++++------- 2011/1xxx/CVE-2011-1599.json | 230 ++++++++++---------- 2011/1xxx/CVE-2011-1880.json | 190 ++++++++--------- 2011/1xxx/CVE-2011-1942.json | 34 +-- 2011/5xxx/CVE-2011-5090.json | 130 ++++++------ 2011/5xxx/CVE-2011-5150.json | 130 ++++++------ 2014/3xxx/CVE-2014-3070.json | 150 ++++++------- 2014/3xxx/CVE-2014-3423.json | 160 +++++++------- 2014/3xxx/CVE-2014-3561.json | 140 ++++++------- 2014/3xxx/CVE-2014-3753.json | 34 +-- 2014/3xxx/CVE-2014-3940.json | 200 +++++++++--------- 
2014/6xxx/CVE-2014-6136.json | 130 ++++++------ 2014/6xxx/CVE-2014-6873.json | 140 ++++++------- 2014/7xxx/CVE-2014-7525.json | 140 ++++++------- 2014/7xxx/CVE-2014-7796.json | 140 ++++++------- 2014/7xxx/CVE-2014-7888.json | 140 ++++++------- 2014/8xxx/CVE-2014-8105.json | 160 +++++++------- 2014/8xxx/CVE-2014-8421.json | 130 ++++++------ 2014/8xxx/CVE-2014-8501.json | 290 +++++++++++++------------- 2014/8xxx/CVE-2014-8551.json | 120 +++++------ 2016/2xxx/CVE-2016-2188.json | 340 +++++++++++++++--------------- 2016/2xxx/CVE-2016-2580.json | 34 +-- 2016/2xxx/CVE-2016-2638.json | 34 +-- 2016/6xxx/CVE-2016-6203.json | 34 +-- 2016/6xxx/CVE-2016-6253.json | 190 ++++++++--------- 2016/6xxx/CVE-2016-6337.json | 130 ++++++------ 2017/18xxx/CVE-2017-18085.json | 132 ++++++------ 2017/18xxx/CVE-2017-18350.json | 34 +-- 2017/5xxx/CVE-2017-5043.json | 170 +++++++-------- 2017/5xxx/CVE-2017-5684.json | 120 +++++------ 2017/5xxx/CVE-2017-5713.json | 34 +-- 2017/5xxx/CVE-2017-5818.json | 132 ++++++------ 2017/5xxx/CVE-2017-5905.json | 120 +++++------ 60 files changed, 4431 insertions(+), 4431 deletions(-) diff --git a/2006/0xxx/CVE-2006-0061.json b/2006/0xxx/CVE-2006-0061.json index 6acb3ae261f..2ec74e787e7 100644 --- a/2006/0xxx/CVE-2006-0061.json +++ b/2006/0xxx/CVE-2006-0061.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0249.json b/2006/0xxx/CVE-2006-0249.json index 47799d478f7..aa2bc84af44 100644 --- a/2006/0xxx/CVE-2006-0249.json +++ b/2006/0xxx/CVE-2006-0249.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://evuln.com/vulns/33/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/33/summary.html" - }, - { - "name" : "16249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16249" - }, - { - "name" : "ADV-2006-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0191" - }, - { - "name" : "22463", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22463" - }, - { - "name" : "1015493", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015493" - }, - { - "name" : "18504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18504" - }, - { - "name" : "geoBlog-viewcat-sql-injection(24146)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16249" + }, + { + "name": "18504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18504" + }, + { + "name": "geoBlog-viewcat-sql-injection(24146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24146" + }, + { + "name": "http://evuln.com/vulns/33/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/33/summary.html" + }, + { + "name": "22463", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22463" + }, + { + "name": "ADV-2006-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0191" + }, + { + "name": "1015493", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015493" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0508.json b/2006/0xxx/CVE-2006-0508.json index 359d3cf1d92..846b4ea2c5b 100644 --- a/2006/0xxx/CVE-2006-0508.json +++ b/2006/0xxx/CVE-2006-0508.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060129 EasyCMS vulnerable to XSS injection.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423442/100/0/threaded" - }, - { - "name" : "20060208 Re: Re: EasyCMS vulnerable to XSS injection.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424431/100/0/threaded" - }, - { - "name" : "18673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18673" - }, - { - "name" : "easycms-insecure-directories(24373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060129 EasyCMS vulnerable to XSS injection.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423442/100/0/threaded" + }, + { + "name": "20060208 Re: Re: EasyCMS vulnerable to XSS injection.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424431/100/0/threaded" + }, + { + "name": "18673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18673" + }, + { + "name": "easycms-insecure-directories(24373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24373" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0700.json b/2006/0xxx/CVE-2006-0700.json index 06efff7db0f..4ae7144beda 100644 --- a/2006/0xxx/CVE-2006-0700.json +++ b/2006/0xxx/CVE-2006-0700.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060211 imageVue16.1 upload vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424745/30/0/threaded" - }, - { - "name" : "16594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16594" - }, - { - "name" : "ADV-2006-0570", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0570" - }, - { - "name" : "18802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18802" - }, - { - "name" : "imagevue-multiple-information-disclosure(24641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0570", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0570" + }, + { + "name": "20060211 imageVue16.1 upload vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424745/30/0/threaded" + }, + { + "name": "18802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18802" + }, + { + "name": "16594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16594" + }, + { + "name": "imagevue-multiple-information-disclosure(24641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24641" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0740.json b/2006/0xxx/CVE-2006-0740.json index bee60a79995..400fcf76bc5 100644 --- a/2006/0xxx/CVE-2006-0740.json +++ b/2006/0xxx/CVE-2006-0740.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0740", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0740", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1760.json b/2006/1xxx/CVE-2006-1760.json index 22952629a81..94b4d9935eb 100644 --- a/2006/1xxx/CVE-2006-1760.json +++ b/2006/1xxx/CVE-2006-1760.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 JetPhoto Multiple Cross-Site Scripting Vulnerabilitie", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=114472089719033&w=2" - }, - { - "name" : "17449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17449" - }, - { - "name" : "ADV-2006-1300", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1300" - }, - { - "name" : "24491", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24491" - }, - { - "name" : "24492", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24492" - }, - { - "name" : 
"24493", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24493" - }, - { - "name" : "24494", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24494" - }, - { - "name" : "19603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19603" - }, - { - "name" : "jetphoto-name-page-xss(25745)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19603" + }, + { + "name": "20060411 JetPhoto Multiple Cross-Site Scripting Vulnerabilitie", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=114472089719033&w=2" + }, + { + "name": "24493", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24493" + }, + { + "name": "ADV-2006-1300", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1300" + }, + { + "name": "jetphoto-name-page-xss(25745)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25745" + }, + { + "name": "24492", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24492" + }, + { + "name": "24491", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24491" + }, + { + "name": "24494", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24494" 
+ }, + { + "name": "17449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17449" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3474.json b/2006/3xxx/CVE-2006-3474.json index 4e473b66935..47482f3f6f6 100644 --- a/2006/3xxx/CVE-2006-3474.json +++ b/2006/3xxx/CVE-2006-3474.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060628 vCard PRO SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438589/100/100/threaded" - }, - { - "name" : "18699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18699" - }, - { - "name" : "1230", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1230" - }, - { - "name" : "vcard-multiple-scripts-sql-injection(27427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1230", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1230" + }, + { + "name": "vcard-multiple-scripts-sql-injection(27427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27427" + }, + { + "name": "18699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18699" + }, + { + "name": "20060628 vCard PRO SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438589/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3551.json b/2006/3xxx/CVE-2006-3551.json index 12867edbc6d..f2be1f8b105 100644 --- a/2006/3xxx/CVE-2006-3551.json +++ b/2006/3xxx/CVE-2006-3551.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send inbound UDP traffic with source port 67 and destination port 68, and outbound UDP traffic with source port 68 and destination port 67." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060630 NCP VPN/PKI Client: UDP Bypassing", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047547.html" - }, - { - "name" : "ncp-vpnpki-udp-bypass-security(27484)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NCP Secure Enterprise Client (aka VPN/PKI client) 
8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send inbound UDP traffic with source port 67 and destination port 68, and outbound UDP traffic with source port 68 and destination port 67." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ncp-vpnpki-udp-bypass-security(27484)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27484" + }, + { + "name": "20060630 NCP VPN/PKI Client: UDP Bypassing", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047547.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3712.json b/2006/3xxx/CVE-2006-3712.json index defd369fa9c..5e7f756d100 100644 --- a/2006/3xxx/CVE-2006-3712.json +++ b/2006/3xxx/CVE-2006-3712.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - 
}, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4181.json b/2006/4xxx/CVE-2006-4181.json index ab6a9da65b3..6153a294661 100644 --- a/2006/4xxx/CVE-2006-4181.json +++ b/2006/4xxx/CVE-2006-4181.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061126 GNU Radius Format String Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443" - }, - { - "name" : "GLSA-200612-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-17.xml" - }, - { - "name" : "21303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21303" - }, - { - "name" : "ADV-2006-4712", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4712" - }, - { - "name" : "1017285", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017285" - }, - { - "name" : "23087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23087" - }, - { - 
"name" : "gnuradius-sqllog-format-string(30508)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23087" + }, + { + "name": "20061126 GNU Radius Format String Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443" + }, + { + "name": "GLSA-200612-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-17.xml" + }, + { + "name": "ADV-2006-4712", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4712" + }, + { + "name": "gnuradius-sqllog-format-string(30508)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30508" + }, + { + "name": "21303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21303" + }, + { + "name": "1017285", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017285" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4446.json b/2006/4xxx/CVE-2006-4446.json index 7ee3818fc1a..9b571c9ad18 100644 --- a/2006/4xxx/CVE-2006-4446.json +++ b/2006/4xxx/CVE-2006-4446.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060827 [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444504/100/0/threaded" - }, - { - "name" : "http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19", - "refsource" : "MISC", - "url" : "http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19" - }, - { - "name" : "MS06-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" - }, - { - "name" : "TA06-318A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA06-318A.html" - }, - { - "name" : "19738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19738" - }, - { - "name" : "28841", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28841" - }, - { - "name" : "oval:org.mitre.oval:def:437", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437" - }, - { - "name" : "1016764", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016764" - }, - { - "name" : "21910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21910" - }, - { - "name" : "1468", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1468" - }, - { - "name" : "ie-daxctle-dos(28608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21910" + }, + { + "name": "1468", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1468" + }, + { + "name": "TA06-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" + }, + { + "name": "20060827 [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded" + }, + { + "name": "ie-daxctle-dos(28608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608" + }, + { + "name": "28841", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28841" + }, + { + "name": "http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19", + "refsource": "MISC", + "url": "http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19" + }, + { + "name": "oval:org.mitre.oval:def:437", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437" + }, + { + "name": "MS06-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" + }, + { + "name": "1016764", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016764" + }, + { + "name": "19738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19738" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4476.json b/2006/4xxx/CVE-2006-4476.json index c3f03014f80..54076c86814 100644 --- a/2006/4xxx/CVE-2006-4476.json +++ b/2006/4xxx/CVE-2006-4476.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to \"Injection Flaws,\" allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of \"exploit blocking rules\" in htaccess; and (9) the ACL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1841/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1841/78/" - }, - { - "name" : "http://www.joomla.org/content/view/1843/74/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1843/74/" - }, - { - "name" : "ADV-2006-3408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3408" - }, - { - "name" : "21666", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/21666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to \"Injection Flaws,\" allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of \"exploit blocking rules\" in htaccess; and (9) the ACL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3408" + }, + { + "name": "http://www.joomla.org/content/view/1841/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1841/78/" + }, + { + "name": "21666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21666" + }, + { + "name": "http://www.joomla.org/content/view/1843/74/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1843/74/" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4563.json b/2006/4xxx/CVE-2006-4563.json index 5e971baaa46..653e5b2b02f 100644 --- a/2006/4xxx/CVE-2006-4563.json +++ b/2006/4xxx/CVE-2006-4563.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.jmagar.com/index.php?y=0&myh=user&myh_op=showLink&myh_link=8", - "refsource" : "CONFIRM", - "url" : "http://www.jmagar.com/index.php?y=0&myh=user&myh_op=showLink&myh_link=8" - }, - { - "name" : "19825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19825" - }, - { - "name" : "ADV-2006-3436", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3436" - }, - { - "name" : "28463", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28463" - }, - { - "name" : "21653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21653" - }, - { - "name" : "myheadlines-modules-xss(28718)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "myheadlines-modules-xss(28718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28718" + }, + { + "name": "21653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21653" + }, + { + "name": "28463", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28463" + }, + { + "name": "ADV-2006-3436", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3436" + }, + { + "name": "http://www.jmagar.com/index.php?y=0&myh=user&myh_op=showLink&myh_link=8", + "refsource": "CONFIRM", + "url": "http://www.jmagar.com/index.php?y=0&myh=user&myh_op=showLink&myh_link=8" + }, + { + "name": "19825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19825" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4634.json b/2006/4xxx/CVE-2006-4634.json index 95925d44186..91c38f309ab 100644 --- a/2006/4xxx/CVE-2006-4634.json +++ b/2006/4xxx/CVE-2006-4634.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060901 XXS in Powered by vbzoom", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445000/100/0/threaded" - }, - { - "name" : "19803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19803" - }, - { - "name" : "16220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16220" - }, - { - "name" : "1520", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1520" - }, - { - "name" : "vbzoom-index-xss(28719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060901 XXS in Powered by vbzoom", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445000/100/0/threaded" + }, + { + "name": "vbzoom-index-xss(28719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28719" + }, + { + "name": "16220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16220" + }, + { + "name": "19803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19803" + }, + { + "name": "1520", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1520" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4916.json b/2006/4xxx/CVE-2006-4916.json index 408c636467c..cf30a614c66 100644 --- a/2006/4xxx/CVE-2006-4916.json +++ b/2006/4xxx/CVE-2006-4916.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2395", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2395" - }, - { - "name" : "20102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20102" - }, - { - "name" : "ADV-2006-3717", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3717" - }, - { - "name" : "22008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22008" - }, - { - "name" : "tekman-profil-sql-injection(29028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability 
in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2395", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2395" + }, + { + "name": "ADV-2006-3717", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3717" + }, + { + "name": "tekman-profil-sql-injection(29028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29028" + }, + { + "name": "20102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20102" + }, + { + "name": "22008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22008" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7121.json b/2006/7xxx/CVE-2006-7121.json index 43313c97bc2..702d6c50d6f 100644 --- a/2006/7xxx/CVE-2006-7121.json +++ b/2006/7xxx/CVE-2006-7121.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061004 (0-day) Linksys SPA-921 VoIP Desktop Phone HTTP Server DoS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0089.html" - }, - { - "name" : "20346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20346" - }, - { - "name" : "29671", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29671" - }, - { - "name" : "22267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22267" - }, - { - "name" : "linksys-spa921-long-username-dos(29349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29671", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29671" + }, + { + "name": "20346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20346" + }, + { + "name": "22267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22267" + }, + { + "name": "linksys-spa921-long-username-dos(29349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29349" + }, + { + "name": "20061004 (0-day) Linksys SPA-921 VoIP Desktop Phone HTTP Server DoS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0089.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2065.json b/2010/2xxx/CVE-2010-2065.json index 1d34a64c220..236842eb07f 100644 --- a/2010/2xxx/CVE-2010-2065.json +++ b/2010/2xxx/CVE-2010-2065.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100623 CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127731610612908&w=2" - }, - { - "name" : "http://www.remotesensing.org/libtiff/v3.9.3.html", - "refsource" : "MISC", - "url" : "http://www.remotesensing.org/libtiff/v3.9.3.html" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=601274", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=601274" - }, - { - "name" : 
"http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010" - }, - { - "name" : "GLSA-201209-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" - }, - { - "name" : "MDVSA-2011:043", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043" - }, - { - "name" : "SSA:2010-180-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424" - }, - { - "name" : "USN-954-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-954-1" - }, - { - "name" : "40181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40181" - }, - { - "name" : "40381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40381" - }, - { - "name" : "50726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50726" - }, - { - "name" : "ADV-2011-0204", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0204" - }, - { - "name" : "ADV-2011-0621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0621" - }, - { - "name" : "ADV-2010-1638", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40181" + }, + { + "name": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010" + }, + { + "name": "[oss-security] 20100623 CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2" + }, + { + "name": "ADV-2010-1638", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1638" + }, + { + "name": "SSA:2010-180-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424" + }, + { + "name": "ADV-2011-0621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0621" + }, + { + "name": "USN-954-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-954-1" + }, + { + "name": "GLSA-201209-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + }, + { + "name": "ADV-2011-0204", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0204" + }, + { + "name": "http://www.remotesensing.org/libtiff/v3.9.3.html", + "refsource": "MISC", + "url": "http://www.remotesensing.org/libtiff/v3.9.3.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=601274", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=601274" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565" + }, + { + "name": "MDVSA-2011:043", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:043" + }, + { + "name": "40381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40381" + }, + { + "name": "50726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50726" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2947.json b/2010/2xxx/CVE-2010-2947.json index 690bf81754c..b721ab9bbda 100644 --- a/2010/2xxx/CVE-2010-2947.json +++ b/2010/2xxx/CVE-2010-2947.json 
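Review bot: The `ASSIGNER` value in 2010/2xxx/CVE-2010-2065.json changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only rewrites `"key" : ` as `"key": ` and reorders the same fifteen `reference_data` entries, so the one provenance change is easy to miss under the commit title "-Synchronized-Data."; the CVE-2010-2947.json hunk that follows carries the same `ASSIGNER` change. Landing the formatting normalization separately from field changes would let consumers who track CNA attribution see such edits directly. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) would keep later syncs from rewriting the whole array when no reference was added or removed. The new side of each file also ends with `\ No newline at end of file`; writing a trailing newline would avoid another whole-file touch later.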
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100820 CVE Request: heap-based buffer overflow in libHX", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/20/5" - }, - { - "name" : "[oss-security] 20100820 Re: CVE Request: heap-based buffer overflow in libHX", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/20/12" - }, - { - "name" : "http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commit;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59", - "refsource" : "CONFIRM", - "url" : "http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commit;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59" - }, - { - "name" 
: "https://bugzilla.redhat.com/show_bug.cgi?id=625866", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=625866" - }, - { - "name" : "MDVSA-2010:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:165" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "42592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42592" - }, - { - "name" : "ADV-2010-2232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42592" + }, + { + "name": "MDVSA-2010:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:165" + }, + { + "name": "ADV-2010-2232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2232" + }, + { + "name": "[oss-security] 20100820 CVE Request: heap-based buffer overflow in libHX", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/20/5" + }, + { + "name": "http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commit;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59", + "refsource": "CONFIRM", + "url": "http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commit;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59" + }, + { + "name": "[oss-security] 20100820 Re: CVE Request: heap-based buffer overflow in libHX", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/20/12" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=625866", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625866" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3309.json b/2010/3xxx/CVE-2010-3309.json index ffb019195ee..8c9886101a0 100644 --- a/2010/3xxx/CVE-2010-3309.json +++ b/2010/3xxx/CVE-2010-3309.json 
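Review bot: The only semantic change in this hunk, `"ASSIGNER" : "cve@mitre.org"` becoming `"ASSIGNER": "secalert@redhat.com"`, is buried in a whole-file rewrite that also re-spaces every key (`"ID" : ` to `"ID": `) and reorders the eight `reference_data` entries without adding or removing any. Anyone auditing this feed has to re-diff the record by hand to separate the attribution change from serializer noise. Emitting references in a stable order and keeping formatting-only rewrites in their own commit would keep changes like this reviewable. The CVE-2010-3435, CVE-2010-3906 and CVE-2011-0824 hunks follow the same pattern, with ASSIGNER changing to `secalert@redhat.com`, `security@ubuntu.com` and `secalert_us@oracle.com`. The new side of each file in this chunk also ends with `\ No newline at end of file`; the final newline should be restored.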
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3309", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3309", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3390.json b/2010/3xxx/CVE-2010-3390.json index 53f50b0a4ca..3dcc4bfdd89 100644 --- a/2010/3xxx/CVE-2010-3390.json +++ b/2010/3xxx/CVE-2010-3390.json 
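Review bot: The top-level keys in this record are emitted in a different order (`data_type`, `data_format`, `data_version`, then `CVE_data_meta`) from the other records in this commit, such as CVE-2010-3390, which keep `CVE_data_meta` first. Inside `CVE_data_meta`, `ID` now precedes `ASSIGNER` as well. Key order carries no meaning in JSON, but the inconsistency suggests that records pass through more than one serializer path, and it makes byte-level comparison or hashing of records unreliable. Sorting keys at serialization time would make the output canonical across the repository.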
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3435.json b/2010/3xxx/CVE-2010-3435.json index 31edf3b6bf3..7e1cf14a8b8 100644 --- a/2010/3xxx/CVE-2010-3435.json +++ b/2010/3xxx/CVE-2010-3435.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516909/100/0/threaded" - }, - { - "name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/21/3" - }, - { - "name" : "[oss-security] 20100924 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - 
"url" : "http://www.openwall.com/lists/oss-security/2010/09/24/2" - }, - { - "name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/8" - }, - { - "name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/4" - }, - { - "name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/5" - }, - { - "name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/7" - }, - { - "name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/10" - }, - { - "name" : "[oss-security] 20101025 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/25/2" - }, - { - "name" : "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2011/000126.html" - }, - { - "name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6", - "refsource" : "CONFIRM", - "url" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=641335", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=641335" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/security/advisories/VMSA-2011-0004.html" - }, - { - "name" : "GLSA-201206-31", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml" - }, - { - "name" : "MDVSA-2010:220", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220" - }, - { - "name" : "RHSA-2010:0819", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0819.html" - }, - { - "name" : "RHSA-2010:0891", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0891.html" - }, - { - "name" : "49711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49711" - }, - { - "name" : "ADV-2011-0606", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/5" + }, + { + "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/21/3" + }, + { + "name": "GLSA-201206-31", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-31.xml" + }, + { + "name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html" + }, + { + "name": "ADV-2011-0606", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0606" + }, + { + "name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded" + }, + { + "name": "[oss-security] 20100924 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/24/2" + }, + { + "name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/10" + }, + { + "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/4" + }, + { + "name": "MDVSA-2010:220", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220" + }, 
+ { + "name": "49711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49711" + }, + { + "name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6", + "refsource": "CONFIRM", + "url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6" + }, + { + "name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/7" + }, + { + "name": "RHSA-2010:0891", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0891.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=641335", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641335" + }, + { + "name": "[oss-security] 20101025 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/25/2" + }, + { + "name": "RHSA-2010:0819", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0819.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html" + }, + { + "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/8" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3744.json b/2010/3xxx/CVE-2010-3744.json index 7e47d39bebf..c8a2192b13e 100644 --- a/2010/3xxx/CVE-2010-3744.json +++ b/2010/3xxx/CVE-2010-3744.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3744", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3744", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3906.json b/2010/3xxx/CVE-2010-3906.json index e701025067b..9863f23af9b 100644 --- a/2010/3xxx/CVE-2010-3906.json +++ b/2010/3xxx/CVE-2010-3906.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-3906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15744", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15744" - }, - { - "name" : "FEDORA-2010-18973", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052782.html" - }, - { - "name" : "FEDORA-2010-18981", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052518.html" - }, - { - "name" : "MDVSA-2010:256", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:256" - }, - { - "name" : "RHSA-2010:1003", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-1003.html" - }, - { - "name" : "SUSE-SR:2011:004", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html" - }, - { - "name" : "45439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45439" - }, - { - "name" : "1024905", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024905" - }, - { - "name" : "42645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42645" - }, - { - "name" : "42731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42731" - }, - { - "name" : "42743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42743" - }, - { - "name" : "43457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43457" - }, - { - "name" : "ADV-2010-3323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3323" - }, - { - "name" : "ADV-2011-0010", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0010" - }, - { - "name" : "ADV-2011-0464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43457" + }, + { + "name": "42645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42645" + }, + { + "name": "FEDORA-2010-18981", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052518.html" + }, + { + "name": "42731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42731" + }, + { + "name": "ADV-2010-3323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3323" + }, + { + "name": "RHSA-2010:1003", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-1003.html" + }, + { + "name": "ADV-2011-0010", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0010" + }, + { + "name": "42743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42743" + }, + { + "name": "15744", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15744" + }, + { + "name": "SUSE-SR:2011:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html" + }, + { + "name": "MDVSA-2010:256", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:256" + }, + { + "name": "1024905", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024905" + }, + { + "name": "45439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45439" + }, + { + "name": "ADV-2011-0464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0464" + }, + { + "name": "FEDORA-2010-18973", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052782.html" + } 
+ ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0065.json b/2011/0xxx/CVE-2011-0065.json index 31e6f217689..85d6bdbec64 100644 --- a/2011/0xxx/CVE-2011-0065.json +++ b/2011/0xxx/CVE-2011-0065.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=634986", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=634986" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - "name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "oval:org.mitre.oval:def:14142", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14142" - }, - { - "name" : "8326", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8326" - }, - { - "name" : "8331", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8331" - }, - { - "name" : "8340", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "8340", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8340" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html" + }, + { + "name": "8331", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8331" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=634986", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=634986" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "oval:org.mitre.oval:def:14142", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14142" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "8326", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8326" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0639.json b/2011/0xxx/CVE-2011-0639.json index 74972b7e556..d7e34f25953 100644 --- a/2011/0xxx/CVE-2011-0639.json +++ b/2011/0xxx/CVE-2011-0639.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://news.cnet.com/8301-27080_3-20028919-245.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-27080_3-20028919-245.html" - }, - { - "name" : "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou" - }, - { - "name" : "http://www.cs.gmu.edu/~astavrou/publications.html", - "refsource" : "MISC", - "url" : "http://www.cs.gmu.edu/~astavrou/publications.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://news.cnet.com/8301-27080_3-20028919-245.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-27080_3-20028919-245.html" + }, + { + "name": "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou", + "refsource": "MISC", + "url": "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou" + }, + { + "name": "http://www.cs.gmu.edu/~astavrou/publications.html", + "refsource": "MISC", + "url": "http://www.cs.gmu.edu/~astavrou/publications.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0824.json b/2011/0xxx/CVE-2011-0824.json index ef1c630a706..d1d59993254 100644 --- a/2011/0xxx/CVE-2011-0824.json +++ b/2011/0xxx/CVE-2011-0824.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality and integrity, related to Enterprise Infrastructure SEC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality and integrity, related to Enterprise Infrastructure SEC." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1139.json b/2011/1xxx/CVE-2011-1139.json index 85f1c69c428..8107e9ddb8c 100644 --- a/2011/1xxx/CVE-2011-1139.json +++ b/2011/1xxx/CVE-2011-1139.json 
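Review bot: The only value that changes in this hunk is `"ASSIGNER": "secalert_us@oracle.com"` (previously `cve@mitre.org`), and it is buried in a rewrite of all 62 lines that otherwise appears to alter only the spacing around `:`. A change of assigning CNA affects the record's provenance, so it should be reviewable on its own. Landing the formatting normalisation as a separate commit would leave a one-line diff here. The same pattern appears in the hunks for CVE-2011-1272, CVE-2011-1599, CVE-2011-1880 and CVE-2014-3070. The new side also ends with `\ No newline at end of file`, so the serializer should write a final newline after the closing `}`.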
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=35855", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=35855" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-03.html" - }, - { - 
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-04.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5661", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5661" - }, - { - "name" : "DSA-2201", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2201" - }, - { - "name" : "FEDORA-2011-2620", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html" - }, - { - "name" : "FEDORA-2011-2632", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html" - }, - { - "name" : "FEDORA-2011-2648", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html" - }, - { - "name" : "MDVSA-2011:044", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:044" - }, - { - "name" : "RHSA-2011:0370", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0370.html" - }, - { - "name" : "RHSA-2011:0369", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0369.html" - }, - { - "name" : "openSUSE-SU-2011:0347", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/8086844" - }, - { - "name" : "VU#215900", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/215900" - }, - { - "name" : "oval:org.mitre.oval:def:14997", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14997" - }, - { - "name" : "1025148", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025148" - }, - { - "name" : "43821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43821" - }, - { - "name" : 
"43795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43795" - }, - { - "name" : "44169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44169" - }, - { - "name" : "43759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43759" - }, - { - "name" : "ADV-2011-0719", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0719" - }, - { - "name" : "ADV-2011-0622", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0622" - }, - { - "name" : "ADV-2011-0747", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0747" - }, - { - "name" : "ADV-2011-0626", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0626" - }, - { - "name" : "wireshark-pcapng-dos(65779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14997", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14997" + }, + { + "name": "openSUSE-SU-2011:0347", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/8086844" + }, + { + "name": "43759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43759" + }, + { + "name": "FEDORA-2011-2648", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html" + }, + { + "name": "FEDORA-2011-2620", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html" + }, + { + "name": "ADV-2011-0747", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0747" + }, + { + "name": "44169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44169" + }, + { + "name": "ADV-2011-0626", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0626" + }, + { + "name": "43795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43795" + }, + { + "name": "VU#215900", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/215900" + }, + { + "name": "RHSA-2011:0370", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0370.html" + }, + { + "name": "ADV-2011-0719", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0719" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5661", + "refsource": "CONFIRM", + "url": 
"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5661" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=35855", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=35855" + }, + { + "name": "FEDORA-2011-2632", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-04.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-04.html" + }, + { + "name": "ADV-2011-0622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0622" + }, + { + "name": "wireshark-pcapng-dos(65779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65779" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-03.html" + }, + { + "name": "RHSA-2011:0369", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0369.html" + }, + { + "name": "MDVSA-2011:044", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:044" + }, + { + "name": "1025148", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025148" + }, + { + "name": "DSA-2201", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2201" + }, + { + "name": "43821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43821" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1272.json b/2011/1xxx/CVE-2011-1272.json index fae8ea75457..3cc255d561f 100644 --- a/2011/1xxx/CVE-2011-1272.json +++ b/2011/1xxx/CVE-2011-1272.json 
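Review bot: The `reference_data` array is reordered with no visible sort key: the old side groups entries by `refsource` (CONFIRM, DEBIAN, FEDORA, REDHAT, ...), while the new side interleaves them, and the entries themselves appear unchanged. Because array order is significant in JSON, every sync that reshuffles it produces a full-array diff in which a genuinely added or dropped reference is hard to spot. Emitting the array in a deterministic order, for example sorted by `refsource` and then `name`, would keep later diffs limited to real changes. The hunks for CVE-2011-1272, CVE-2011-1599, CVE-2011-1880 and CVE-2014-3070 show the same reshuffling.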
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Insufficient Record Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045" - }, - { - "name" : "48157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48157" - }, - { - "name" : "oval:org.mitre.oval:def:12139", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Insufficient Record Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48157" + }, + { + "name": "oval:org.mitre.oval:def:12139", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139" + }, + { + "name": "MS11-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1599.json b/2011/1xxx/CVE-2011-1599.json index 2f0ff09597b..8b751915528 100644 --- a/2011/1xxx/CVE-2011-1599.json +++ b/2011/1xxx/CVE-2011-1599.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/22/6" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2011-006.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2011-006.html" - }, - { - "name" : "DSA-2225", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2225" - }, - { - "name" : 
"FEDORA-2011-5835", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html" - }, - { - "name" : "FEDORA-2011-6208", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html" - }, - { - "name" : "47537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47537" - }, - { - "name" : "1025433", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025433" - }, - { - "name" : "44197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44197" - }, - { - "name" : "44529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44529" - }, - { - "name" : "ADV-2011-1086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1086" - }, - { - "name" : "ADV-2011-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1107" - }, - { - "name" : "ADV-2011-1188", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-1188", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1188" + }, + { + "name": "FEDORA-2011-5835", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html" + }, + { + "name": "DSA-2225", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2225" + }, + { + "name": "[oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/22/6" + }, + { + "name": "47537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47537" + }, + { + "name": "ADV-2011-1086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1086" + }, + { + "name": "1025433", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025433" + }, + { + "name": "ADV-2011-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1107" + }, + { + "name": "44529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44529" + }, + { + "name": "FEDORA-2011-6208", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2011-006.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2011-006.html" + }, + { + "name": "44197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44197" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1880.json b/2011/1xxx/CVE-2011-1880.json index 9df653fbd53..c8eb23bff59 100644 --- a/2011/1xxx/CVE-2011-1880.json +++ b/2011/1xxx/CVE-2011-1880.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Null Pointer De-reference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100144947", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144947" - }, - { - "name" : "MS11-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "48597", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/48597" - }, - { - "name" : "73786", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73786" - }, - { - "name" : "oval:org.mitre.oval:def:12000", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12000" - }, - { - "name" : "1025761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025761" - }, - { - "name" : "45186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Null Pointer De-reference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48597" + }, + { + "name": "MS11-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" + }, + { + "name": "73786", + "refsource": "OSVDB", + "url": "http://osvdb.org/73786" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144947", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144947" + }, + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": "oval:org.mitre.oval:def:12000", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12000" + }, + { + "name": "45186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45186" + }, + { + "name": "1025761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025761" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1942.json b/2011/1xxx/CVE-2011-1942.json index ad55f8d2e63..71db0599e2f 100644 --- a/2011/1xxx/CVE-2011-1942.json +++ b/2011/1xxx/CVE-2011-1942.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1942", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1942", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5090.json b/2011/5xxx/CVE-2011-5090.json index 010b12c265d..05b3d64edef 100644 --- a/2011/5xxx/CVE-2011-5090.json +++ b/2011/5xxx/CVE-2011-5090.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) mod_rewrite.php, (2) comment_write_ok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary poll.php script under theme/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sirini.net/grboard/board.php?id=developer&articleNo=591", - "refsource" : "MISC", - "url" : "http://sirini.net/grboard/board.php?id=developer&articleNo=591" - }, - { - "name" : "grboard-security-bypass(75856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database 
actions, which allows remote attackers to modify or delete data via a request to (1) mod_rewrite.php, (2) comment_write_ok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary poll.php script under theme/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sirini.net/grboard/board.php?id=developer&articleNo=591", + "refsource": "MISC", + "url": "http://sirini.net/grboard/board.php?id=developer&articleNo=591" + }, + { + "name": "grboard-security-bypass(75856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75856" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5150.json b/2011/5xxx/CVE-2011-5150.json index ef4ce8d2a0e..3df498efcf2 100644 --- a/2011/5xxx/CVE-2011-5150.json +++ b/2011/5xxx/CVE-2011-5150.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "77989", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77989" - }, - { - "name" : "47309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via 
the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77989", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77989" + }, + { + "name": "47309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47309" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3070.json b/2014/3xxx/CVE-2014-3070.json index 8b38f4ac426..0adbf575912 100644 --- a/2014/3xxx/CVE-2014-3070.json +++ b/2014/3xxx/CVE-2014-3070.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249" - }, - { - "name" : "PI16765", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765" - }, - { - "name" : "69296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69296" - }, - { - "name" : "ibm-websphere-cve20143070-sec-bypass(93777)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20143070-sec-bypass(93777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93777" + }, + { + "name": "69296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69296" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249" + }, + { + "name": "PI16765", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3423.json b/2014/3xxx/CVE-2014-3423.json index e0786df4ee0..5507418aef2 100644 --- a/2014/3xxx/CVE-2014-3423.json +++ b/2014/3xxx/CVE-2014-3423.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" - }, - { - "name" : "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/07/7" - }, - { - "name" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", - "refsource" : "MISC", - "url" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0250.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0250.html" - }, - { - "name" : "MDVSA-2015:117", - "refsource" : "MANDRIVA", - 
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/07/7" + }, + { + "name": "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" + }, + { + "name": "MDVSA-2015:117", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0250.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0250.html" + }, + { + "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", + "refsource": "MISC", + "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3561.json b/2014/3xxx/CVE-2014-3561.json index 56b8c339c0b..8e28ffddf04 100644 --- a/2014/3xxx/CVE-2014-3561.json +++ b/2014/3xxx/CVE-2014-3561.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:1947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1947.html" - }, - { - "name" : "1031291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031291" - }, - { - "name" : "rhevm-log-collector-info-disc(99096)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when 
calling sosreport, which allows local users to obtain sensitive information by listing the processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rhevm-log-collector-info-disc(99096)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99096" + }, + { + "name": "1031291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031291" + }, + { + "name": "RHSA-2014:1947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1947.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3753.json b/2014/3xxx/CVE-2014-3753.json index 241cd49f35d..c1a5647d79d 100644 --- a/2014/3xxx/CVE-2014-3753.json +++ b/2014/3xxx/CVE-2014-3753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3753", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3753", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/3xxx/CVE-2014-3940.json b/2014/3xxx/CVE-2014-3940.json index 12b91ab0ae0..7092916de19 100644 --- a/2014/3xxx/CVE-2014-3940.json +++ b/2014/3xxx/CVE-2014-3940.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20140318 [PATCH RESEND -mm 1/2] mm: add !pte_present() check on existing hugetlb_entry callbacks", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2014/3/18/784" - }, - { - "name" : "[oss-security] 20140602 CVE-2014-3940 - Linux kernel - missing check during hugepage migration", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/02/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1104097", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1104097" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html" - }, - { - "name" : "RHSA-2015:0290", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0290.html" - }, - { - "name" : "RHSA-2015:1272", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1272.html" - }, - { - "name" : "67786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67786" - }, - { - "name" : "59011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59011" - }, - { - "name" : "61310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1104097", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104097" + }, + { + "name": "59011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59011" + }, + { + "name": "[linux-kernel] 20140318 [PATCH RESEND -mm 1/2] mm: add !pte_present() check on existing hugetlb_entry callbacks", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2014/3/18/784" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html" + }, + { + "name": "RHSA-2015:0290", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html" + }, + { + "name": "[oss-security] 20140602 CVE-2014-3940 - Linux kernel - missing check during hugepage migration", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/02/5" + }, + { + "name": "67786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67786" + }, + { + "name": "61310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61310" + }, + { + "name": "RHSA-2015:1272", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6136.json b/2014/6xxx/CVE-2014-6136.json index a9c6f3b131b..1fc7a41c3c2 100644 --- a/2014/6xxx/CVE-2014-6136.json +++ b/2014/6xxx/CVE-2014-6136.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695170", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695170" - }, - { - "name" : "ibm-appscan-cve20146136-info-disc(96816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695170", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695170" + }, + { + "name": "ibm-appscan-cve20146136-info-disc(96816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96816" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6873.json b/2014/6xxx/CVE-2014-6873.json index 3133ed17d67..482ccca789c 100644 --- a/2014/6xxx/CVE-2014-6873.json +++ b/2014/6xxx/CVE-2014-6873.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AMGC (aka com.amec.uae) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#318585", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/318585" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AMGC (aka com.amec.uae) application 6.0 for Android does not 
verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#318585", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/318585" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7525.json b/2014/7xxx/CVE-2014-7525.json index 873d2f473fa..e5200e0797e 100644 --- a/2014/7xxx/CVE-2014-7525.json +++ b/2014/7xxx/CVE-2014-7525.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application 0.64.13398.55733 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#803025", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/803025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application 0.64.13398.55733 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#803025", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/803025" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7796.json b/2014/7xxx/CVE-2014-7796.json index 316ce454adc..de1f0ad052a 100644 --- a/2014/7xxx/CVE-2014-7796.json +++ b/2014/7xxx/CVE-2014-7796.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#503825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/503825" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The House365 Radio (aka 
com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#503825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/503825" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7888.json b/2014/7xxx/CVE-2014-7888.json index a0c42aba7eb..e9995e4ec0a 100644 --- a/2014/7xxx/CVE-2014-7888.json +++ b/2014/7xxx/CVE-2014-7888.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-7888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF03279", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" - }, - { - "name" : "SSRT101696", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" - }, - { - "name" : "1031840", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101696", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" + }, + { + "name": "1031840", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031840" + }, + { + "name": "HPSBHF03279", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8105.json b/2014/8xxx/CVE-2014-8105.json index 0ef3ce95a1b..cef876b0ef4 100644 --- a/2014/8xxx/CVE-2014-8105.json +++ b/2014/8xxx/CVE-2014-8105.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html", - "refsource" : "CONFIRM", - "url" : "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html" - }, - { - "name" : "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html", - "refsource" : "CONFIRM", - "url" : "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html" - }, - { - "name" : "FEDORA-2015-3368", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html" - }, - { - "name" : "RHSA-2015:0416", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2015-0416.html" - }, - { - "name" : "RHSA-2015:0628", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0628.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html", + "refsource": "CONFIRM", + "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html" + }, + { + "name": "RHSA-2015:0416", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html" + }, + { + "name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html", + "refsource": "CONFIRM", + "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html" + }, + { + "name": "RHSA-2015:0628", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html" + }, + { + "name": "FEDORA-2015-3368", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8421.json b/2014/8xxx/CVE-2014-8421.json index d62027a9103..74309c1713e 100644 --- a/2014/8xxx/CVE-2014-8421.json +++ b/2014/8xxx/CVE-2014-8421.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", - "refsource" : "MISC", - "url" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" - }, - { - "name" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", - "refsource" : "CONFIRM", - "url" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", + "refsource": "CONFIRM", + "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" + }, + { + "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", + "refsource": "MISC", + "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8501.json b/2014/8xxx/CVE-2014-8501.json index 612f240f99f..2173162c705 100644 --- a/2014/8xxx/CVE-2014-8501.json +++ b/2014/8xxx/CVE-2014-8501.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141026 Re: Re: strings / libbfd crasher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/26/3" - }, - { - "name" : "[oss-security] 20141031 Re: strings / libbfd crasher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/31/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1162570", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1162570" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", - "refsource" : "CONFIRM", - "url" : 
"https://sourceware.org/bugzilla/show_bug.cgi?id=17512" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "FEDORA-2014-14838", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html" - }, - { - "name" : "FEDORA-2014-14963", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html" - }, - { - "name" : "FEDORA-2014-14995", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html" - }, - { - "name" : "FEDORA-2014-17586", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html" - }, - { - "name" : "FEDORA-2014-17603", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html" - }, - { - "name" : "FEDORA-2015-0471", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html" - }, - { - "name" : "GLSA-201612-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-24" - }, - { - "name" : "MDVSA-2015:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029" - }, - { - "name" : "USN-2496-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2496-1" - }, - { - "name" : "70866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70866" - }, 
- { - "name" : "62241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62241" - }, - { - "name" : "62746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62241" + }, + { + "name": "MDVSA-2015:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e" + }, + { + "name": "USN-2496-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2496-1" + }, + { + "name": "FEDORA-2014-14995", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1162570", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162570" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { 
+ "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17512" + }, + { + "name": "FEDORA-2014-17603", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html" + }, + { + "name": "70866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70866" + }, + { + "name": "FEDORA-2014-14963", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html" + }, + { + "name": "FEDORA-2015-0471", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html" + }, + { + "name": "62746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62746" + }, + { + "name": "[oss-security] 20141031 Re: strings / libbfd crasher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/31/1" + }, + { + "name": "FEDORA-2014-14838", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html" + }, + { + "name": "FEDORA-2014-17586", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html" + }, + { + "name": "[oss-security] 20141026 Re: Re: strings / libbfd crasher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/26/3" + }, + { + "name": "GLSA-201612-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-24" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8551.json b/2014/8xxx/CVE-2014-8551.json index 0e36853ab4a..9339cf4f54e 100644 --- a/2014/8xxx/CVE-2014-8551.json +++ b/2014/8xxx/CVE-2014-8551.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code 
via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2188.json b/2016/2xxx/CVE-2016-2188.json index f3380aa54cb..5073363989c 100644 --- a/2016/2xxx/CVE-2016-2188.json +++ b/2016/2xxx/CVE-2016-2188.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Mar/87" - }, - { - "name" : "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Mar/118" - }, - { - "name" : "39556", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39556/" - }, - { - "name" : 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317018", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317018" - }, - { - "name" : "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0" - }, - { - "name" : "SUSE-SU-2016:1672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:1690", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:1696", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html" - }, - { - "name" : "SUSE-SU-2016:1707", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" - }, - { - "name" : "SUSE-SU-2016:1764", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "openSUSE-SU-2016:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html" - }, - { - "name" : "USN-2996-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2996-1" - }, - { - "name" : "USN-2997-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2997-1" - }, - { - "name" : "USN-2968-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2968-1" - }, - { - "name" : "USN-2968-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2968-2" - }, - { - "name" : "USN-2969-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2969-1" - }, - { - "name" : "USN-2970-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2970-1" - }, - { - "name" : "USN-2971-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-1" - }, - { - "name" : "USN-2971-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-2" - }, - { - "name" : "USN-2971-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2971-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-2" + }, + { + "name": "SUSE-SU-2016:1690", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" + }, + { + "name": "39556", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39556/" + }, + { + "name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Mar/87" + }, + { + "name": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0" + }, + { + "name": "SUSE-SU-2016:1696", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html" + }, + { + "name": "USN-2970-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2970-1" + }, + { + "name": "USN-2969-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2969-1" + }, + { + "name": "USN-2968-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2968-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018" + }, + { + "name": "USN-2971-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-3" + }, + { + "name": "USN-2997-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2997-1" + }, + { + "name": "SUSE-SU-2016:1764", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + }, + { + 
"name": "USN-2971-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-1" + }, + { + "name": "SUSE-SU-2016:1707", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" + }, + { + "name": "USN-2996-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2996-1" + }, + { + "name": "SUSE-SU-2016:1672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + }, + { + "name": "USN-2968-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2968-2" + }, + { + "name": "openSUSE-SU-2016:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0" + }, + { + "name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Mar/118" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2580.json b/2016/2xxx/CVE-2016-2580.json index d048f1e41e6..4d2baebaf80 100644 --- a/2016/2xxx/CVE-2016-2580.json +++ b/2016/2xxx/CVE-2016-2580.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2580", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2580", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2638.json b/2016/2xxx/CVE-2016-2638.json index 4a5e4b92323..087dc29b306 100644 --- a/2016/2xxx/CVE-2016-2638.json +++ b/2016/2xxx/CVE-2016-2638.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2638", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2638", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6203.json b/2016/6xxx/CVE-2016-6203.json index ffee1babbb1..9652c18f32c 100644 --- a/2016/6xxx/CVE-2016-6203.json +++ b/2016/6xxx/CVE-2016-6203.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6203", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6203", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6253.json b/2016/6xxx/CVE-2016-6253.json index a488e184885..7e3e2169c54 100644 --- a/2016/6xxx/CVE-2016-6253.json +++ b/2016/6xxx/CVE-2016-6253.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40141", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40141/" - }, - { - "name" : "40385", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40385/" - }, - { - "name" : "http://akat1.pl/?id=2", - "refsource" : "MISC", - "url" : "http://akat1.pl/?id=2" - }, - { - "name" : "http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html" - }, - { - "name" : "http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local", - "refsource" : "MISC", - "url" : 
"http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local" - }, - { - "name" : "NetBSD-SA2016-006", - "refsource" : "NETBSD", - "url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc" - }, - { - "name" : "92101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92101" - }, - { - "name" : "1036429", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "NetBSD-SA2016-006", + "refsource": "NETBSD", + "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc" + }, + { + "name": "http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html" + }, + { + "name": "40141", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40141/" + }, + { + "name": "40385", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40385/" + }, + { + "name": "92101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92101" + }, + { + "name": "http://akat1.pl/?id=2", + "refsource": "MISC", + "url": "http://akat1.pl/?id=2" + }, + { + "name": "1036429", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036429" + }, + { + "name": 
"http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6337.json b/2016/6xxx/CVE-2016-6337.json index 673ec0717e5..b32b1fcefe5 100644 --- a/2016/6xxx/CVE-2016-6337.json +++ b/2016/6xxx/CVE-2016-6337.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html" - }, - { - "name" : "https://phabricator.wikimedia.org/T139670", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T139670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://phabricator.wikimedia.org/T139670", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T139670" + }, + { + "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18085.json b/2017/18xxx/CVE-2017-18085.json index f6ce2f645bf..38ca5e1e40d 100644 --- a/2017/18xxx/CVE-2017-18085.json +++ b/2017/18xxx/CVE-2017-18085.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-02T00:00:00", - "ID" : "CVE-2017-18085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Confluence", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 6.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-02T00:00:00", + "ID": "CVE-2017-18085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Confluence", + "version": { + "version_data": [ + { + "version_value": "prior to 6.6.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CONFSERVER-54905", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CONFSERVER-54905" - }, - { - "name" : "103062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to 
inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103062" + }, + { + "name": "https://jira.atlassian.com/browse/CONFSERVER-54905", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CONFSERVER-54905" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18350.json b/2017/18xxx/CVE-2017-18350.json index 1e267341a35..56c2f01bbbb 100644 --- a/2017/18xxx/CVE-2017-18350.json +++ b/2017/18xxx/CVE-2017-18350.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18350", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18350", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5043.json b/2017/5xxx/CVE-2017-5043.json index 0b3b27d030e..177db53a36b 100644 
--- a/2017/5xxx/CVE-2017-5043.json +++ b/2017/5xxx/CVE-2017-5043.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/683523", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/683523" - }, - { - "name" : "DSA-3810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3810" - }, - { 
- "name" : "GLSA-201704-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-02" - }, - { - "name" : "RHSA-2017:0499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html" - }, - { - "name" : "96767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201704-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-02" + }, + { + "name": "DSA-3810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3810" + }, + { + "name": "96767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96767" + }, + { + "name": "RHSA-2017:0499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + }, + { + "name": "https://crbug.com/683523", + "refsource": "CONFIRM", + "url": "https://crbug.com/683523" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5684.json b/2017/5xxx/CVE-2017-5684.json index d653d4e8bcd..1ef8cac8ab6 100644 --- a/2017/5xxx/CVE-2017-5684.json +++ b/2017/5xxx/CVE-2017-5684.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2017-5684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Compute Stick STK2MV64CC", - "version" : { - "version_data" : [ - { - "version_value" : "Before CC047" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-5684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Compute Stick STK2MV64CC", + "version": { + "version_data": [ + { + "version_value": "Before CC047" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5713.json b/2017/5xxx/CVE-2017-5713.json index ff48fdc445a..52e11a1fa00 100644 --- a/2017/5xxx/CVE-2017-5713.json +++ b/2017/5xxx/CVE-2017-5713.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5818.json b/2017/5xxx/CVE-2017-5818.json index 18f2c65b457..9463f74a147 100644 --- a/2017/5xxx/CVE-2017-5818.json +++ b/2017/5xxx/CVE-2017-5818.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-07-21T00:00:00", - "ID" : "CVE-2017-5818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 E0504P04" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-07-21T00:00:00", + "ID": "CVE-2017-5818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 E0504P04" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us" - }, - { - "name" : "1038478", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent 
Management Center (iMC) PLAT version 7.3 E0504P04 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038478", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038478" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5905.json b/2017/5xxx/CVE-2017-5905.json index bea6349e3dd..640b9242fc1 100644 --- a/2017/5xxx/CVE-2017-5905.json +++ b/2017/5xxx/CVE-2017-5905.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file