diff --git a/2006/0xxx/CVE-2006-0555.json b/2006/0xxx/CVE-2006-0555.json index 5132cb68a8e..d9954cc756e 100644 --- a/2006/0xxx/CVE-2006-0555.json +++ b/2006/0xxx/CVE-2006-0555.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security-info@sgi.com", + "ID": "CVE-2006-0555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" - }, - { - "name" : "DSA-1103", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1103" - }, - { - "name" : "FEDORA-2006-131", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00003.html" - }, - { - "name" : "MDKSA-2006:059", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059" - }, - { - "name" : "RHSA-2006:0493", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "USN-263-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/263-1/" - }, - { - "name" : "16922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16922" - }, - { - "name" : "oval:org.mitre.oval:def:9932", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9932" - }, - { - "name" : "ADV-2006-0804", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0804" - }, - { - "name" : "ADV-2006-2554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2554" - }, - { - "name" : "19083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19083" - }, - { - "name" : "19108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19108" - }, - { - "name" : "19220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19220" - }, - { - "name" : "20237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20237" - }, - { - "name" : "20914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20914" - }, - { - "name" : "21745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21745" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "kernel-odirect-dos(25000)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2006-131", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00003.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" + }, + { + "name": "RHSA-2006:0493", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html" + }, + { + "name": "ADV-2006-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2554" + }, + { + "name": "19220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19220" + }, + { + "name": "21745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21745" + }, + { + "name": "kernel-odirect-dos(25000)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25000" + }, + { + "name": "ADV-2006-0804", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0804" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "DSA-1103", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1103" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5" + }, + { + "name": "20237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20237" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "oval:org.mitre.oval:def:9932", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9932" + }, + { + "name": "MDKSA-2006:059", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059" + }, + { + "name": "19083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19083" + }, + { + "name": "16922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16922" + }, + { + "name": "19108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19108" + }, + { + "name": "USN-263-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/263-1/" + }, + { + "name": "20914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20914" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0970.json b/2006/0xxx/CVE-2006-0970.json index b36b0c07bd6..3ecd67487c5 100644 --- a/2006/0xxx/CVE-2006-0970.json +++ b/2006/0xxx/CVE-2006-0970.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060227 Knowledgebases Remote Command Exucetion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426214/100/0/threaded" - }, - { - "name" : "3228", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3228" - }, - { - "name" : "505", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/505" - }, - { - "name" : "activecampaign-index-command-execution(24989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "505", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/505" + }, + { + "name": "activecampaign-index-command-execution(24989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24989" + }, + { + "name": "20060227 Knowledgebases Remote Command Exucetion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426214/100/0/threaded" + }, + { + "name": "3228", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3228" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1074.json b/2006/1xxx/CVE-2006-1074.json index fc573e6177b..4cf7bad3432 100644 --- a/2006/1xxx/CVE-2006-1074.json +++ b/2006/1xxx/CVE-2006-1074.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060306 Multiple vulnerabilities in Liero Xtreme 0.62b", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426864/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/lieroxxx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/lieroxxx-adv.txt" - }, - { - "name" : "16992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16992" - }, - { - "name" : "ADV-2006-0849", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0849" - }, - { - "name" : "19079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19079" - }, - { - "name" : "liero-connect-dos(25185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0849", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0849" + }, + { + "name": "20060306 Multiple vulnerabilities in Liero Xtreme 0.62b", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426864/100/0/threaded" + }, + { + "name": "19079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19079" + }, + { + "name": "16992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16992" + }, + { + "name": "liero-connect-dos(25185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25185" + }, + { + "name": "http://aluigi.altervista.org/adv/lieroxxx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/lieroxxx-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1228.json b/2006/1xxx/CVE-2006-1228.json index 4a1d8160aaf..59a5cd39978 100644 --- a/2006/1xxx/CVE-2006-1228.json +++ b/2006/1xxx/CVE-2006-1228.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060314 [DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427589/100/0/threaded" - }, - { - "name" : "http://drupal.org/node/53805", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/53805" - }, - { - "name" : "DSA-1007", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1007" - }, - { - "name" : "17104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17104" - }, - { - "name" : "23911", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23911" - }, - { - "name" : "19245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19245" - }, - { - "name" : "19257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19257" - }, - { - "name" : "580", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/580" - }, - { - "name" : "drupal-login-session-hijacking(25205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/53805", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/53805" + }, + { + "name": "580", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/580" + }, + { + "name": "23911", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23911" + }, + { + "name": "DSA-1007", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1007" + }, + { + "name": "17104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17104" + }, + { + "name": "drupal-login-session-hijacking(25205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25205" + }, + { + "name": "19245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19245" + }, + { + "name": "19257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19257" + }, + { + "name": "20060314 [DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427589/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1590.json b/2006/1xxx/CVE-2006-1590.json index fcff14ccf87..6c0433d044c 100644 --- a/2006/1xxx/CVE-2006-1590.json +++ b/2006/1xxx/CVE-2006-1590.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[secureideas-base-devel] 20060328 3 XSS in BASE 1.2.4", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=10064470&forum_id=42223" - }, - { - "name" : "17391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17391" - }, - { - "name" : "ADV-2006-1264", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1264" - }, - { - "name" : "24307", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24307" - }, - { - "name" : "20835", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20835" - }, - { - "name" : "19544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19544" - }, - { - "name" : "base-multiple-scripts-xss(25671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17391" + }, + { + "name": "ADV-2006-1264", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1264" + }, + { + "name": "20835", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20835" + }, + { + "name": "base-multiple-scripts-xss(25671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25671" + }, + { + "name": "[secureideas-base-devel] 20060328 3 XSS in BASE 1.2.4", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=10064470&forum_id=42223" + }, + { + "name": "24307", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24307" + }, + { + "name": "19544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19544" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3314.json b/2006/3xxx/CVE-2006-3314.json index dcf0b5e98ee..4ec296b9aa0 100644 --- a/2006/3xxx/CVE-2006-3314.json +++ b/2006/3xxx/CVE-2006-3314.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060617 RahnemaCo \"page.php\" Remote File Inclusion[2]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437836/100/0/threaded" - }, - { - "name" : "18490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18490" - }, - { - "name" : "1016346", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016346" - }, - { - "name" : "1167", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1167" - }, - { - "name" : "rahnemaco-page-file-include(27365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1167", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1167" + }, + { + "name": "20060617 RahnemaCo \"page.php\" Remote File Inclusion[2]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437836/100/0/threaded" + }, + { + "name": "18490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18490" + }, + { + "name": "rahnemaco-page-file-include(27365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27365" + }, + { + "name": "1016346", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016346" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3909.json b/2006/3xxx/CVE-2006-3909.json index 479a0d18e0b..99a3e3c262b 100644 --- a/2006/3xxx/CVE-2006-3909.json +++ b/2006/3xxx/CVE-2006-3909.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060725 wwwThreads XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441191/100/0/threaded" - }, - { - "name" : "http://www.aria-security.net/advisory/wwwthreads.txt", - "refsource" : "MISC", - "url" : "http://www.aria-security.net/advisory/wwwthreads.txt" - }, - { - "name" : "19177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19177" - }, - { - "name" : "ADV-2006-3005", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3005" - }, - { - "name" : "27542", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27542" - }, - { - "name" : "21221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21221" - }, - { - "name" : "wwwthreads-calendar-xss(27997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21221" + }, + { + "name": "20060725 wwwThreads XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441191/100/0/threaded" + }, + { + "name": "27542", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27542" + }, + { + "name": "wwwthreads-calendar-xss(27997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27997" + }, + { + "name": "http://www.aria-security.net/advisory/wwwthreads.txt", + "refsource": "MISC", + "url": "http://www.aria-security.net/advisory/wwwthreads.txt" + }, + { + "name": "ADV-2006-3005", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3005" + }, + { + "name": "19177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19177" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4307.json b/2006/4xxx/CVE-2006-4307.json index 69b1e9aa412..cab31aee7f4 100644 --- a/2006/4xxx/CVE-2006-4307.json +++ b/2006/4xxx/CVE-2006-4307.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "102514", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1" - }, - { - "name" : "19647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19647" - }, - { - "name" : "ADV-2006-3355", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3355" - }, - { - "name" : "oval:org.mitre.oval:def:1573", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1573" - }, - { - "name" : "1016726", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016726" - }, - { - "name" : "21581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21581" - }, - { - "name" : "22295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016726", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016726" + }, + { + "name": "21581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21581" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "ADV-2006-3355", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3355" + }, + { + "name": "22295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22295" + }, + { + "name": "19647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19647" + }, + { + "name": "102514", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1" + }, + { + "name": "oval:org.mitre.oval:def:1573", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1573" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4314.json b/2006/4xxx/CVE-2006-4314.json index 9276b272008..d1d390df34e 100644 --- a/2006/4xxx/CVE-2006-4314.json +++ b/2006/4xxx/CVE-2006-4314.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060822 Symantec Enterprise Security Manager Denial-of-Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444068/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2006.08.21a.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2006.08.21a.html" - }, - { - "name" : "19580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19580" - }, - { - "name" : "ADV-2006-3353", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3353" - }, - { - "name" : "28108", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28108" - }, - { - "name" : "1016728", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016728" - }, - { - "name" : "21548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21548" - }, - { - "name" : "1437", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016728", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016728" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2006.08.21a.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2006.08.21a.html" + }, + { + "name": "21548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21548" + }, + { + "name": "19580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19580" + }, + { + "name": "ADV-2006-3353", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3353" + }, + { + "name": "28108", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28108" + }, + { + "name": "1437", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1437" + }, + { + "name": "20060822 Symantec Enterprise Security Manager Denial-of-Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444068/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4561.json b/2006/4xxx/CVE-2006-4561.json index f4f4499190e..e503a3f426b 100644 --- a/2006/4xxx/CVE-2006-4561.json +++ b/2006/4xxx/CVE-2006-4561.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443209/100/200/threaded" - }, - { - "name" : "http://polyboy.net/xss/dnsslurp.html", - "refsource" : "MISC", - "url" : "http://polyboy.net/xss/dnsslurp.html" - }, - { - "name" : "http://shampoo.antville.org/stories/1451301/", - "refsource" : "MISC", - "url" : "http://shampoo.antville.org/stories/1451301/" - }, - { - "name" : "31834", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded" + }, + { + "name": "http://shampoo.antville.org/stories/1451301/", + "refsource": "MISC", + "url": "http://shampoo.antville.org/stories/1451301/" + }, + { + "name": "http://polyboy.net/xss/dnsslurp.html", + "refsource": "MISC", + "url": "http://polyboy.net/xss/dnsslurp.html" + }, + { + "name": "31834", + "refsource": "OSVDB", + "url": "http://osvdb.org/31834" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4806.json b/2006/4xxx/CVE-2006-4806.json index 2f7cb3b6c19..48c9108fbba 100644 --- a/2006/4xxx/CVE-2006-4806.json +++ b/2006/4xxx/CVE-2006-4806.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz", - "refsource" : "MISC", - "url" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz" - }, - { - "name" : "GLSA-200612-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-20.xml" - }, - { - "name" : "MDKSA-2006:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198" - }, - { - "name" : "MDKSA-2007:156", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156" - }, - { - "name" : "SUSE-SR:2006:026", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html" - }, - { - "name" : "USN-376-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-376-1" - }, - { - "name" : "USN-376-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-376-2" - }, - { - "name" : "20903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20903" - }, - { - "name" : "ADV-2006-4349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4349" - }, - { - "name" : "30105", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30105" - }, - { - "name" : "30106", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30106" - }, - { - "name" : "30107", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30107" - }, - { - "name" : "30108", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30108" - }, - { - "name" : "30109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30109" - }, - { - "name" : "22732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22732" - }, - { - "name" : "22744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22744" - }, - { - "name" : "22752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22752" - }, - { - "name" : "23441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23441" - }, - { - "name" : "22932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22932" - }, - { - "name" : "imlib2-load-overflow(30064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22932" + }, + { + "name": "MDKSA-2007:156", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156" + }, + { + "name": "22752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22752" + }, + { + "name": "MDKSA-2006:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198" + }, + { + "name": "30106", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30106" + }, + { + "name": "30109", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30109" + }, + { + "name": "SUSE-SR:2006:026", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html" + }, + { + "name": "20903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20903" + }, + { + "name": "30108", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30108" + }, + { + "name": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz", + "refsource": "MISC", + "url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz" + }, + { + "name": "30105", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30105" + }, + { + "name": "USN-376-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-376-2" + }, + { + "name": "30107", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30107" + }, + { + "name": "GLSA-200612-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-20.xml" + }, + { + "name": "ADV-2006-4349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4349" + }, + { + "name": "23441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23441" + }, + { + "name": "22732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22732" + }, + { + "name": "22744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22744" + }, + { + "name": "USN-376-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-376-1" + }, + { + "name": "imlib2-load-overflow(30064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30064" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2070.json b/2010/2xxx/CVE-2010-2070.json index 3a37fa4c300..e7ddb925539 100644 --- a/2010/2xxx/CVE-2010-2070.json +++ b/2010/2xxx/CVE-2010-2070.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and \"turn on BE by modifying the user mask of the PSR,\" as demonstrated via exploitation of CVE-2006-0742." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[oss-security] 20100611 CVE-2010-2070 kernel-xen: ia64-xen: unset be from the task psr", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/10/2" - }, - { - "name" : "http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb", - "refsource" : "MISC", - "url" : "http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=586415", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=586415" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "RHSA-2010:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0610.html" - }, - { - "name" : "40776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40776" - }, - { - "name" : "65541", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65541" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - }, - { - "name" : "xen-faults-dos(59373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and \"turn on BE by modifying the user mask of the PSR,\" as demonstrated via exploitation of CVE-2006-0742." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html" + }, + { + "name": "http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb", + "refsource": "MISC", + "url": "http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb" + }, + { + "name": "[oss-security] 20100611 CVE-2010-2070 kernel-xen: ia64-xen: unset be from the task psr", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/10/2" + }, + { + "name": "65541", + "refsource": "OSVDB", + "url": "http://osvdb.org/65541" + }, + { + "name": "40776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40776" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "xen-faults-dos(59373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59373" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=586415", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=586415" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2507.json b/2010/2xxx/CVE-2010-2507.json index 598e65db19a..a33ce9d5df4 100644 --- a/2010/2xxx/CVE-2010-2507.json +++ b/2010/2xxx/CVE-2010-2507.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13981", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13981" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt" - }, - { - "name" : "41031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41031" - }, - { - "name" : "65674", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65674" - }, - { - "name" : "40297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40297" - }, - { - "name" : "picasa2gallerycom-index-file-include(59669)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13981", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13981" + }, + { + "name": "picasa2gallerycom-index-file-include(59669)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59669" + }, + { + "name": "40297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40297" + }, + { + "name": "65674", + "refsource": "OSVDB", + "url": "http://osvdb.org/65674" + }, + { + "name": "41031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41031" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2775.json b/2010/2xxx/CVE-2010-2775.json index 1f1e25e6eb7..5aee2dac5ac 100644 --- a/2010/2xxx/CVE-2010-2775.json +++ b/2010/2xxx/CVE-2010-2775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2775", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2775", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2971.json b/2010/2xxx/CVE-2010-2971.json index 53d48e663a6..4f39d1b4691 100644 --- a/2010/2xxx/CVE-2010-2971.json +++ b/2010/2xxx/CVE-2010-2971.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=614643", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=614643" - }, - { - "name" : "DSA-2081", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2081" - }, - { - "name" : "GLSA-201203-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-10.xml" - }, - { - "name" : "MDVSA-2010:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151" - }, - { - "name" : "48244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151" + }, + { + "name": "48244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48244" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227" + }, + { + "name": "GLSA-201203-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=614643", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643" + }, + { + "name": "DSA-2081", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2081" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3288.json b/2010/3xxx/CVE-2010-3288.json index 54b199e76f4..5b77b54da7c 100644 --- a/2010/3xxx/CVE-2010-3288.json +++ b/2010/3xxx/CVE-2010-3288.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-3288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02591", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128768031706686&w=2" - }, - { - "name" : "SSRT100299", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128768031706686&w=2" - }, - { - "name" : "1024622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02591", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128768031706686&w=2" + }, + { + "name": "SSRT100299", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128768031706686&w=2" + }, + { + "name": "1024622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024622" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3330.json b/2010/3xxx/CVE-2010-3330.json index a810718ddf0..4b6660a8b9a 100644 --- a/2010/3xxx/CVE-2010-3330.json +++ b/2010/3xxx/CVE-2010-3330.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka \"Cross-Domain Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100113324", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100113324" - }, - { - "name" : "MS10-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6928", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka \"Cross-Domain Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6928", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6928" + }, + { + "name": "MS10-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100113324", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100113324" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3333.json b/2010/3xxx/CVE-2010-3333.json index 6bbd45fd19c..c2857d62bf8 100644 --- a/2010/3xxx/CVE-2010-3333.json +++ b/2010/3xxx/CVE-2010-3333.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka \"RTF Stack Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101109 Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880" - }, - { - "name" : "MS10-087", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087" - }, - { - "name" : "TA10-313A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" - }, - { - "name" : "44652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44652" - }, - { - "name" : "oval:org.mitre.oval:def:11931", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11931" - }, - { - "name" : "1024705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024705" - }, - { - "name" : "38521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38521" - }, - { - "name" : "42144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42144" - }, - { - "name" : "8293", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8293" - }, - { - "name" : "ADV-2010-2923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka \"RTF Stack Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024705" + }, + { + "name": "8293", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8293" + }, + { + "name": "42144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42144" + }, + { + "name": "38521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38521" + }, + { + "name": "ADV-2010-2923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2923" + }, + { + "name": "20101109 Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880" + }, + { + "name": "oval:org.mitre.oval:def:11931", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11931" + }, + { + "name": "MS10-087", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087" + }, + { + "name": "TA10-313A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" + }, + { + "name": "44652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44652" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3397.json b/2010/3xxx/CVE-2010-3397.json index 11773e892b3..994740a34c2 100644 --- a/2010/3xxx/CVE-2010-3397.json +++ b/2010/3xxx/CVE-2010-3397.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100909 PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513596/100/0/threaded" - }, - { - "name" : "42856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42856" - }, - { - "name" : "41135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100909 PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513596/100/0/threaded" + }, + { + "name": "42856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42856" + }, + { + "name": "41135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41135" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3967.json b/2010/3xxx/CVE-2010-3967.json index 590b3596501..c7800a238b9 100644 --- a/2010/3xxx/CVE-2010-3967.json +++ b/2010/3xxx/CVE-2010-3967.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka \"Insecure Library Loading Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-093", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-093" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12250", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12250" - }, - { - "name" : "1024875", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024875" - }, - { - "name" : "42607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42607" - }, - { - "name" : "ADV-2010-3216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka \"Insecure Library Loading Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "oval:org.mitre.oval:def:12250", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12250" + }, + { + "name": "42607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42607" + }, + { + "name": "1024875", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024875" + }, + { + "name": "ADV-2010-3216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3216" + }, + { + "name": "MS10-093", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-093" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4025.json b/2010/4xxx/CVE-2010-4025.json index 9f1b9547163..d630fc4650d 100644 --- a/2010/4xxx/CVE-2010-4025.json +++ b/2010/4xxx/CVE-2010-4025.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-4025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMI02573", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128821239031677&w=2" - }, - { - "name" : "SSRT100227", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128821239031677&w=2" - }, - { - "name" : "1024656", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024656" - }, - { - "name" : "42023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMI02573", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128821239031677&w=2" + }, + { + "name": "SSRT100227", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128821239031677&w=2" + }, + { + "name": "1024656", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024656" + }, + { + "name": "42023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42023" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4671.json b/2010/4xxx/CVE-2010-4671.json index 465d7cb094a..19608a49049 100644 --- a/2010/4xxx/CVE-2010-4671.json +++ b/2010/4xxx/CVE-2010-4671.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html", - "refsource" : "MISC", - "url" : "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html" - }, - { - "name" : "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3", - "refsource" : "MISC", - "url" : "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3" - }, - { - "name" : "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4", - "refsource" : "MISC", - "url" : "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4" - }, - { - "name" : "http://www.youtube.com/watch?v=00yjWB6gGy8", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=00yjWB6gGy8" - }, - { - "name" : "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" - }, - { - "name" : "45760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45760" - }, - { - "name" : "ciscoios-neighbor-discovery-dos(64589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45760" + }, + { + "name": "ciscoios-neighbor-discovery-dos(64589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64589" + }, + { + "name": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4", + "refsource": "MISC", + "url": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4" + }, + { + "name": "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", + "refsource": "CONFIRM", + "url": "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" + }, + { + "name": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3", + "refsource": "MISC", + "url": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3" + }, + { + "name": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html", + "refsource": "MISC", + "url": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html" + }, + { + "name": "http://www.youtube.com/watch?v=00yjWB6gGy8", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=00yjWB6gGy8" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4912.json b/2010/4xxx/CVE-2010-4912.json index 28b8370626a..81be6af078c 100644 --- a/2010/4xxx/CVE-2010-4912.json +++ b/2010/4xxx/CVE-2010-4912.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14997", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14997" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt" - }, - { - "name" : "8446", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8446" - }, - { - "name" : "ucenter-shop-sql-injection(61783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ucenter-shop-sql-injection(61783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61783" + }, + { + "name": "14997", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14997" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt" + }, + { + "name": "8446", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8446" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1161.json b/2011/1xxx/CVE-2011-1161.json index 7d814576375..a460f664d97 100644 --- a/2011/1xxx/CVE-2011-1161.json +++ b/2011/1xxx/CVE-2011-1161.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1161", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1160, CVE-2011-1162. Reason: This candidate was withdrawn by its CNA. Further investigation showed that only two candidates, CVE-2011-1160 and CVE-2011-1162, were needed for the set of security issues in question. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-1161", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1160, CVE-2011-1162. Reason: This candidate was withdrawn by its CNA. Further investigation showed that only two candidates, CVE-2011-1160 and CVE-2011-1162, were needed for the set of security issues in question. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5228.json b/2011/5xxx/CVE-2011-5228.json index cbe63dea36f..e550651fd3d 100644 --- a/2011/5xxx/CVE-2011-5228.json +++ b/2011/5xxx/CVE-2011-5228.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18249", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18249" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=362", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=362" - }, - { - "name" : "51105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51105" - }, - { - "name" : "appraincmf-search-xss(71881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51105" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=362", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=362" + }, + { + "name": "18249", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18249" + }, + { + "name": "appraincmf-search-xss(71881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71881" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3552.json b/2014/3xxx/CVE-2014-3552.json index 7c9fdb38115..16db1da5718 100644 --- a/2014/3xxx/CVE-2014-3552.json +++ b/2014/3xxx/CVE-2014-3552.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140721 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=264261", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=264261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140721 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/21/1" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=264261", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=264261" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3813.json b/2014/3xxx/CVE-2014-3813.json index d12b8c767db..a4f670299c3 100644 --- a/2014/3xxx/CVE-2014-3813.json +++ b/2014/3xxx/CVE-2014-3813.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631" - }, - { - "name" : "59026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631" + }, + { + "name": "59026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59026" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3981.json b/2014/3xxx/CVE-2014-3981.json index 7582baca085..09c57dd0242 100644 --- a/2014/3xxx/CVE-2014-3981.json +++ b/2014/3xxx/CVE-2014-3981.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140604 More /tmp fun (PHP, Lynis)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/21" - }, - { - "name" : "[oss-security] 20140606 Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/06/06/12" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16" - }, - { - "name" : "https://bugs.php.net/bug.php?id=67390", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=67390" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1104978", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1104978" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "HPSBUX03150", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141390017113542&w=2" - }, - { - "name" : "HPSBUX03102", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "SSRT101681", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486" + }, + { + "name": "HPSBUX03102", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "HPSBUX03150", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141390017113542&w=2" + }, + { + "name": "https://bugs.php.net/bug.php?id=67390", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=67390" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1104978", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104978" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "SSRT101681", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "20140604 More /tmp fun (PHP, Lynis)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/21" + }, + { + "name": "[oss-security] 20140606 Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/06/06/12" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8093.json b/2014/8xxx/CVE-2014-8093.json index c7cfe0e01c1..0ecbe118281 100644 --- a/2014/8xxx/CVE-2014-8093.json +++ b/2014/8xxx/CVE-2014-8093.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/3610", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/3610" - }, - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0532.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0532.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "DSA-3095", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3095" - }, - { - "name" : "GLSA-201504-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-06" - }, - { - "name" : "MDVSA-2015:119", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" - }, - { - "name" : "71596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71596" - }, - { - "name" : "62292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62292" - }, - { - "name" : "61947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3095", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3095" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0532.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0532.html" + }, + { + "name": "GLSA-201504-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-06" + }, + { + "name": "62292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62292" + }, + { + "name": "71596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71596" + }, + { + "name": "MDVSA-2015:119", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "61947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61947" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8429.json b/2014/8xxx/CVE-2014-8429.json index 5bd884c18d7..aa9f90b9439 100644 --- a/2014/8xxx/CVE-2014-8429.json +++ b/2014/8xxx/CVE-2014-8429.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141126 Cross-Site Request Forgery (CSRF) in xEpan", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534096/100/0/threaded" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23240", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23240", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23240" + }, + { + "name": "20141126 Cross-Site Request Forgery (CSRF) in xEpan", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534096/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8445.json b/2014/8xxx/CVE-2014-8445.json index cfb95fac9c6..81371ca90cd 100644 --- a/2014/8xxx/CVE-2014-8445.json +++ b/2014/8xxx/CVE-2014-8445.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-8445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8578.json b/2014/8xxx/CVE-2014-8578.json index e5de2ddc0be..59a784ba49c 100644 --- a/2014/8xxx/CVE-2014-8578.json +++ b/2014/8xxx/CVE-2014-8578.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/08/6" - }, - { - "name" : "https://bugs.launchpad.net/horizon/+bug/1320235", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/horizon/+bug/1320235" - }, - { - "name" : "68456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68456" + }, + { + "name": "https://bugs.launchpad.net/horizon/+bug/1320235", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/horizon/+bug/1320235" + }, + { + "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8698.json b/2014/8xxx/CVE-2014-8698.json index 91fe85af51e..b3f28a98f0f 100644 --- a/2014/8xxx/CVE-2014-8698.json +++ b/2014/8xxx/CVE-2014-8698.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8698", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8698", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9267.json b/2014/9xxx/CVE-2014-9267.json index a218888a48d..6287ffdb3bb 100644 --- a/2014/9xxx/CVE-2014-9267.json +++ b/2014/9xxx/CVE-2014-9267.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-398/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-398/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-399/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-399/" - }, - { - "name" : "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001", - "refsource" : "MISC", - "url" : "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001" - }, - { - "name" : "71491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-398/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-398/" + }, + { + "name": "71491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71491" + }, + { + "name": "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001", + "refsource": "MISC", + "url": "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-399/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-399/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9329.json b/2014/9xxx/CVE-2014-9329.json index f7b0c24d72a..1f54133a415 100644 --- a/2014/9xxx/CVE-2014-9329.json +++ b/2014/9xxx/CVE-2014-9329.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9329", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9329", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9753.json b/2014/9xxx/CVE-2014-9753.json index ea35bfe8dba..5745e2b8745 100644 --- a/2014/9xxx/CVE-2014-9753.json +++ b/2014/9xxx/CVE-2014-9753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9753", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9753", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9766.json b/2014/9xxx/CVE-2014-9766.json index 1ad3cac8b4a..e9c30d69103 100644 --- a/2014/9xxx/CVE-2014-9766.json +++ b/2014/9xxx/CVE-2014-9766.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Pixman] 20140409 [PATCH] create_bits(): Cast the result of height * stride to size_t", - "refsource" : "MLIST", - "url" : "https://lists.freedesktop.org/archives/pixman/2014-April/003244.html" - }, - { - "name" : "[oss-security] 20160224 Re: [Pixman] create_bits(): Cast the result of height * stride to size_t", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/24/15" - }, - { - "name" : "[oss-security] 20160224 [Pixman] create_bits(): Cast the result of height * stride to size_t", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/24/13" - }, - { - "name" : "[xorg-announce] 20140705 [ANNOUNCE] pixman release 0.32.6 now available", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2014-July/002452.html" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=69014", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=69014" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=972647", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=972647" - }, - { - "name" : "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3525", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3525" - }, - { - "name" : "USN-2918-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2918-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=69014", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=69014" + }, + { + "name": "[Pixman] 20140409 [PATCH] create_bits(): Cast the result of height * stride to size_t", + "refsource": "MLIST", + "url": "https://lists.freedesktop.org/archives/pixman/2014-April/003244.html" + }, + { + "name": "[oss-security] 20160224 [Pixman] create_bits(): Cast the result of height * stride to size_t", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/24/13" + }, + { + "name": "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=972647", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=972647" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "[oss-security] 20160224 Re: [Pixman] create_bits(): Cast the result of height * stride to size_t", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/24/15" + }, + { + "name": "[xorg-announce] 20140705 [ANNOUNCE] pixman release 0.32.6 now available", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2014-July/002452.html" + }, + { + "name": "USN-2918-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2918-1" + }, + { + "name": "DSA-3525", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3525" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9920.json b/2014/9xxx/CVE-2014-9920.json index d2fc1241644..10a0204b011 100644 --- a/2014/9xxx/CVE-2014-9920.json +++ b/2014/9xxx/CVE-2014-9920.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2014-9920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "McAfee Application Control (MAC)", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthorized execution of binary vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2014-9920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Application Control (MAC)", + "version": { + "version_data": [ + { + "version_value": "6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10077", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized execution of binary vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10077", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10077" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2143.json b/2016/2xxx/CVE-2016-2143.json index 1fc6391e21e..faf7ffd46ce 100644 --- a/2016/2xxx/CVE-2016-2143.json +++ b/2016/2xxx/CVE-2016-2143.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1" - }, - { - "name" : "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2016-2143", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2016-2143" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "RHSA-2016:1539", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1539.html" - }, - { - "name" : "RHSA-2016:2766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2766.html" - }, - { - "name" : "SUSE-SU-2016:1672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:1690", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:1707", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" - }, - { - "name" : "SUSE-SU-2016:1764", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:1019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1690", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1" + }, + { + "name": "RHSA-2016:2766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1" + }, + { + "name": "SUSE-SU-2016:1764", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2016-2143", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-2143" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "RHSA-2016:1539", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html" + }, + { + "name": "SUSE-SU-2016:1707", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" + }, + { + "name": "SUSE-SU-2016:1672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + }, + { + "name": "SUSE-SU-2016:1019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2235.json b/2016/2xxx/CVE-2016-2235.json index 4914b28bec4..8c0c1d47504 100644 --- a/2016/2xxx/CVE-2016-2235.json +++ b/2016/2xxx/CVE-2016-2235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2235", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2235", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2337.json b/2016/2xxx/CVE-2016-2337.json index 3c975b8d03a..37fcb7a3dde 100644 --- a/2016/2xxx/CVE-2016-2337.json +++ b/2016/2xxx/CVE-2016-2337.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-2337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ruby", + "version": { + "version_data": [ + { + "version_value": "2.3.0 dev" + }, + { + "version_value": "2.2.2" + } + ] + } + } + ] + }, + "vendor_name": "Ruby" + }, + { + "product": { + "product_data": [ + { + "product_name": "Tcl/Tk", + "version": { + "version_data": [ + { + "version_value": "8.6 or later" + } + ] + } + } + ] + }, + "vendor_name": "Tcl" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Ruby", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.0 dev" - }, - { - "version_value" : "2.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Ruby" + "lang": "eng", + "value": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "type confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0031/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/" }, { - "product" : { - "product_data" : [ - { - "product_name" : "Tcl/Tk", - "version" : { - "version_data" : [ - { - "version_value" : "8.6 or later" - } - ] - } - } - ] - }, - "vendor_name" : "Tcl" + "name": "91233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91233" + }, + { + "name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html" + }, + { + "name": "GLSA-201710-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-18" } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "type confusion" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html" - }, - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0031/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0031/" - }, - { - "name" : "GLSA-201710-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-18" - }, - { - "name" : "91233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91233" - } - ] - } -} + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2391.json b/2016/2xxx/CVE-2016-2391.json index 03efbe9df06..ede5cf28aa0 100644 --- a/2016/2xxx/CVE-2016-2391.json +++ b/2016/2xxx/CVE-2016-2391.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160216 CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/16/2" - }, - { - "name" : "[qemu-devel] 20160216 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html" - }, - { - "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1304794", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1304794" - }, - { - "name" : "USN-2974-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2974-1" - }, - { - "name" : "83263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83263" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360" + }, + { + "name": "[oss-security] 20160216 CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/16/2" + }, + { + "name": "USN-2974-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2974-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1304794", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304794" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + }, + { + "name": "[qemu-devel] 20160216 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2404.json b/2016/2xxx/CVE-2016-2404.json index cd5f95c6024..bed2da23e3d 100644 --- a/2016/2xxx/CVE-2016-2404.json +++ b/2016/2xxx/CVE-2016-2404.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-2404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00,", - "version" : { - "version_data" : [ - { - "version_value" : "S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00," - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Permission Control" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-2404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00,", + "version": { + "version_data": [ + { + "version_value": "S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00," + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6389.json b/2016/6xxx/CVE-2016-6389.json index 2182c88a88f..2c9021f74b3 100644 --- a/2016/6xxx/CVE-2016-6389.json +++ b/2016/6xxx/CVE-2016-6389.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6389", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-6389", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6626.json b/2016/6xxx/CVE-2016-6626.json index 429b336f69f..fc0752a4e1a 100644 --- a/2016/6xxx/CVE-2016-6626.json +++ b/2016/6xxx/CVE-2016-6626.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-49", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-49" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "92490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-49", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-49" + }, + { + "name": "92490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92490" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7661.json b/2016/7xxx/CVE-2016-7661.json index 88aea5e7fcc..05f88620757 100644 --- a/2016/7xxx/CVE-2016-7661.json +++ b/2016/7xxx/CVE-2016-7661.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"Power Management\" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40931", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40931/" - }, - { - "name" : "40958", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40958/" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "94906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94906" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"Power Management\" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94906" + }, + { + "name": "40931", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40931/" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "40958", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40958/" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7731.json b/2016/7xxx/CVE-2016-7731.json index 51c0ae6aa06..44552a43e37 100644 --- a/2016/7xxx/CVE-2016-7731.json +++ b/2016/7xxx/CVE-2016-7731.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7731", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7731", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file