diff --git a/2006/0xxx/CVE-2006-0039.json b/2006/0xxx/CVE-2006-0039.json index b39afa70e37..fd673d4cf17 100644 --- a/2006/0xxx/CVE-2006-0039.json +++ b/2006/0xxx/CVE-2006-0039.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=133465", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=133465" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13", - "refsource" : "MISC", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" - }, - { - "name" : "DSA-1097", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1097" - }, - { - "name" : "DSA-1103", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1103" - }, - { - "name" : "RHSA-2006:0689", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html" - }, - { - "name" : "USN-311-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-311-1" - }, - { - "name" : "18113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18113" - }, - { - "name" : "oval:org.mitre.oval:def:10309", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10309" - }, - { - "name" : "ADV-2006-1893", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1893" - }, - { - "name" : "ADV-2006-2554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2554" - }, - { - "name" : "25697", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25697" - }, - { - "name" : "20185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20185" - }, - { - "name" : "20671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20671" - }, - { - "name" : "20914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20914" - }, - { - "name" : "20991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20991" - }, - { - "name" : "22292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22292" - }, - { - "name" : "22945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22945" - }, - { - "name" : "21476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21476" - }, - { - "name" : "linux-doaddcounters-race-condition(26583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2554" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13", + "refsource": "MISC", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13" + }, + { + "name": "ADV-2006-1893", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1893" + }, + { + "name": "21476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21476" + }, + { + "name": "linux-doaddcounters-race-condition(26583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26583" + }, + { + "name": "22292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22292" + }, + { + "name": "RHSA-2006:0689", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html" + }, + { + "name": "oval:org.mitre.oval:def:10309", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10309" + }, + { + "name": "DSA-1097", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1097" + }, + { + "name": "20185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20185" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17" + }, + { + "name": "USN-311-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-311-1" + }, + { + "name": "DSA-1103", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1103" + }, + { + "name": "25697", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25697" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698" + }, + { + "name": "22945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22945" + }, + { + "name": "20991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20991" + }, + { + "name": "20671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20671" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=133465", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=133465" + }, + { + "name": "18113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18113" + }, + { + "name": "20914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20914" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0492.json b/2006/0xxx/CVE-2006-0492.json index 8c34e86f583..43a8b7f1ed4 100644 --- a/2006/0xxx/CVE-2006-0492.json +++ b/2006/0xxx/CVE-2006-0492.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060201 [eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423656/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/52/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/52/summary.html" - }, - { - "name" : "16456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16456" - }, - { - "name" : "ADV-2006-0365", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0365" - }, - { - "name" : "22810", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22810" - }, - { - "name" : "22811", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22811" - }, - { - "name" : "1015560", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015560" - }, - { - "name" : "18667", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18667" - }, - { - "name" : "394", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/394" - }, - { - "name" : "calendarix-multiple-sql-injection(24332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22811", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22811" + }, + { + "name": "calendarix-multiple-sql-injection(24332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24332" + }, + { + "name": "394", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/394" + }, + { + "name": "http://www.evuln.com/vulns/52/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/52/summary.html" + }, + { + "name": "1015560", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015560" + }, + { + "name": "20060201 [eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423656/100/0/threaded" + }, + { + "name": "18667", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18667" + }, + { + "name": "16456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16456" + }, + { + "name": "ADV-2006-0365", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0365" + }, + { + "name": "22810", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22810" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0679.json b/2006/0xxx/CVE-2006-0679.json index 8bd2db06653..508d7419f4e 100644 --- a/2006/0xxx/CVE-2006-0679.json +++ b/2006/0xxx/CVE-2006-0679.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425173/100/0/threaded" - }, - { - "name" : "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0358.html" - }, - { - "name" : "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/32" - }, - { - "name" : "16691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16691" - }, - { - "name" : "ADV-2006-0636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0636" - }, - { - "name" : "23259", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23259" - }, - { - "name" : "18931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18931" - }, - { - "name" : "440", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/440" - }, - { - "name" : "phpnuke-youraccount-sql-injection(24769)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0358.html" + }, + { + "name": "phpnuke-youraccount-sql-injection(24769)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24769" + }, + { + "name": "18931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18931" + }, + { + "name": "23259", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23259" + }, + { + "name": "16691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16691" + }, + { + "name": "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425173/100/0/threaded" + }, + { + "name": "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/32" + }, + { + "name": "440", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/440" + }, + { + "name": "ADV-2006-0636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0636" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0786.json b/2006/0xxx/CVE-2006-0786.json index 1af9dfeb8f5..b2a153da3f5 100644 --- a/2006/0xxx/CVE-2006-0786.json +++ b/2006/0xxx/CVE-2006-0786.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for \"http://\", \"ftp://\", and \"https://\" URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060216 PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425196/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html" - }, - { - "name" : "1015640", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015640" - }, - { - "name" : "445", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for \"http://\", \"ftp://\", and \"https://\" URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015640", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015640" + }, + { + "name": "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html" + }, + { + "name": "445", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/445" + }, + { + "name": "20060216 PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425196/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0919.json b/2006/0xxx/CVE-2006-0919.json index 9a49695dcd3..0ad60b5beda 100644 --- a/2006/0xxx/CVE-2006-0919.json +++ b/2006/0xxx/CVE-2006-0919.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060223 HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425924/100/0/threaded" - }, - { - "name" : "http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt", - "refsource" : "MISC", - "url" : "http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt" - }, - { - "name" : "ADV-2006-0718", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0718" - }, - { - "name" : "23462", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23462" - }, - { - "name" : "18993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23462", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23462" + }, + { + "name": "http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt", + "refsource": "MISC", + "url": "http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt" + }, + { + "name": "20060223 HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425924/100/0/threaded" + }, + { + "name": "18993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18993" + }, + { + "name": "ADV-2006-0718", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0718" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1547.json b/2006/1xxx/CVE-2006-1547.json index 98199a79bee..8d81374e259 100644 --- a/2006/1xxx/CVE-2006-1547.json +++ b/2006/1xxx/CVE-2006-1547.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html" - }, - { - "name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=38534", - "refsource" : "CONFIRM", - "url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=38534" - }, - { - "name" : "SUSE-SR:2006:010", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" - }, - { - "name" : "17342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17342" - }, - { - "name" : "ADV-2006-1205", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1205" - }, - { - "name" : "1015856", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015856" - }, - { - "name" : "19493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19493" - }, - { - "name" : "20117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20117" - }, - { - "name" : "struts-actionform-dos(25613)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015856", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015856" + }, + { + "name": "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html" + }, + { + "name": "ADV-2006-1205", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1205" + }, + { + "name": "17342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17342" + }, + { + "name": "19493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19493" + }, + { + "name": "struts-actionform-dos(25613)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25613" + }, + { + "name": "SUSE-SR:2006:010", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" + }, + { + "name": "20117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20117" + }, + { + "name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38534", + "refsource": "CONFIRM", + "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38534" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3119.json b/2006/3xxx/CVE-2006-3119.json index fc2c953c541..4b5837fa455 100644 --- a/2006/3xxx/CVE-2006-3119.json +++ b/2006/3xxx/CVE-2006-3119.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-3119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1124", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1124" - }, - { - "name" : "GLSA-200608-22", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-22.xml" - }, - { - "name" : "SUSE-SR:2006:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_19_sr.html" - }, - { - "name" : "19131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19131" - }, - { - "name" : "ADV-2006-2982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2982" - }, - { - "name" : "21169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21169" - }, - { - "name" : "21191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21191" - }, - { - "name" : "21599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21599" - }, - { - "name" : "21459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21459" - }, - { - "name" : "fbida-fbgs-typo-security-bypass(28038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200608-22", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-22.xml" + }, + { + "name": "19131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19131" + }, + { + "name": "ADV-2006-2982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2982" + }, + { + "name": "21599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21599" + }, + { + "name": "21459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21459" + }, + { + "name": "SUSE-SR:2006:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html" + }, + { + "name": "fbida-fbgs-typo-security-bypass(28038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28038" + }, + { + "name": "DSA-1124", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1124" + }, + { + "name": "21169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21169" + }, + { + "name": "21191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21191" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3447.json b/2006/3xxx/CVE-2006-3447.json index 1440fb665a7..a5feb1fed53 100644 --- a/2006/3xxx/CVE-2006-3447.json +++ b/2006/3xxx/CVE-2006-3447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3447", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-3447", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3625.json b/2006/3xxx/CVE-2006-3625.json index 210c7a96e07..5d95aa639b9 100644 --- a/2006/3xxx/CVE-2006-3625.json +++ b/2006/3xxx/CVE-2006-3625.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060712 FLV Players Multiple Input Validation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439886/100/0/threaded" - }, - { - "name" : "flvplayer-player-path-disclosure(27726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flvplayer-player-path-disclosure(27726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27726" + }, + { + "name": "20060712 FLV Players Multiple Input Validation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439886/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3891.json b/2006/3xxx/CVE-2006-3891.json index c5994d9e84c..d9a6d42e6d8 100644 --- a/2006/3xxx/CVE-2006-3891.json +++ b/2006/3xxx/CVE-2006-3891.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3891", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4014.json b/2006/4xxx/CVE-2006-4014.json index 0216110ac17..30a319480bc 100644 --- a/2006/4xxx/CVE-2006-4014.json +++ b/2006/4xxx/CVE-2006-4014.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) \"by sending invalid posts\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html" - }, - { - "name" : "19182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19182" - }, - { - "name" : "ADV-2006-3018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3018" - }, - { - "name" : "1016600", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016600" - }, - { - "name" : "21223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) \"by sending invalid posts\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016600", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016600" + }, + { + "name": "19182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19182" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html" + }, + { + "name": "ADV-2006-3018", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3018" + }, + { + "name": "21223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21223" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4642.json b/2006/4xxx/CVE-2006-4642.json index 64c04880932..e966ce34d41 100644 --- a/2006/4xxx/CVE-2006-4642.json +++ b/2006/4xxx/CVE-2006-4642.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AuditWizard 6.3.2, when using \"Remote Audit,\" logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060905 AuditWizard 6.3.2 gives away administrator password", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445220/100/0/threaded" - }, - { - "name" : "19860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19860" - }, - { - "name" : "ADV-2006-3498", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3498" - }, - { - "name" : "1016795", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016795" - }, - { - "name" : "21773", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21773" - }, - { - "name" : "1525", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1525" - }, - { - "name" : "auditwizard-remoteaudit-password-disclosure(28743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AuditWizard 6.3.2, when using \"Remote Audit,\" logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "auditwizard-remoteaudit-password-disclosure(28743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28743" + }, + { + "name": "20060905 AuditWizard 6.3.2 gives away administrator password", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445220/100/0/threaded" + }, + { + "name": "21773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21773" + }, + { + "name": "ADV-2006-3498", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3498" + }, + { + "name": "1525", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1525" + }, + { + "name": "1016795", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016795" + }, + { + "name": "19860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19860" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2226.json b/2010/2xxx/CVE-2010-2226.json index 3297bce10de..174f6de553a 100644 --- a/2010/2xxx/CVE-2010-2226.json +++ b/2010/2xxx/CVE-2010-2226.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[oss-security] 20100617 CVE request - kernel: xfs swapext ioctl issue", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127677135609357&w=2" - }, - { - "name" : "[oss-security] 20100618 Re: CVE request - kernel: xfs swapext ioctl issue", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127687486331790&w=2" - }, - { - "name" : "[xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues", - "refsource" : "MLIST", - "url" : "http://archives.free.net.ph/message/20100616.130710.301704aa.en.html" - }, - { - "name" : "[xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues", - "refsource" : "MLIST", - "url" : "http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=605158", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=605158" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "DSA-2094", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2094" - }, - { - "name" : "MDVSA-2010:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" - }, - { - "name" : "RHSA-2010:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0610.html" - }, - { - "name" : "SUSE-SA:2010:060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "40920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40920" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html" + }, + { + "name": "[xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues", + "refsource": "MLIST", + "url": "http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63" + }, + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "[oss-security] 20100618 Re: CVE request - kernel: xfs swapext ioctl issue", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127687486331790&w=2" + }, + { + "name": "MDVSA-2010:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=605158", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=605158" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "SUSE-SA:2010:060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "[oss-security] 20100617 CVE request - kernel: xfs swapext ioctl issue", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127677135609357&w=2" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "[xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues", + "refsource": "MLIST", + "url": "http://archives.free.net.ph/message/20100616.130710.301704aa.en.html" + }, + { + "name": "DSA-2094", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2094" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "40920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40920" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2242.json b/2010/2xxx/CVE-2010-2242.json index ba6e51e9be4..ed2eeecc586 100644 --- a/2010/2xxx/CVE-2010-2242.json +++ b/2010/2xxx/CVE-2010-2242.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libvirt.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/news.html" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=602455", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=602455" - }, - { - "name" : "FEDORA-2010-10960", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" - }, - { - "name" : "FEDORA-2010-11021", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" - }, - { - "name" : "RHSA-2010:0615", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0615.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "USN-1008-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-1" - }, - { - "name" : "USN-1008-2", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-2" - }, - { - "name" : "USN-1008-3", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-3" - }, - { - "name" : "ADV-2010-2062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2062" - }, - { - "name" : "ADV-2010-2763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2062" + }, + { + "name": "http://libvirt.org/news.html", + "refsource": "CONFIRM", + "url": "http://libvirt.org/news.html" + }, + { + "name": "FEDORA-2010-10960", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" + }, + { + "name": "USN-1008-2", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-2" + }, + { + "name": "FEDORA-2010-11021", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" + }, + { + "name": "RHSA-2010:0615", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943" + }, + { + "name": "USN-1008-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=602455", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "USN-1008-3", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-3" + }, + { + "name": "ADV-2010-2763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2763" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2431.json b/2010/2xxx/CVE-2010-2431.json index fd25cc1e63a..902f22611a4 100644 --- a/2010/2xxx/CVE-2010-2431.json +++ b/2010/2xxx/CVE-2010-2431.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cups.org/articles.php?L596", - "refsource" : "CONFIRM", - "url" : "http://cups.org/articles.php?L596" - }, - { - "name" : "http://cups.org/str.php?L3510", - "refsource" : "CONFIRM", - "url" : "http://cups.org/str.php?L3510" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=605397", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=605397" - }, - { - "name" : "DSA-2176", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2176" - }, - { - "name" : "GLSA-201207-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201207-10.xml" - }, - { - "name" : "MDVSA-2010:232", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:232" - }, - { - "name" : "MDVSA-2010:234", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:234" - }, - { - "name" : "RHSA-2010:0811", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2010-0811.html" - }, - { - "name" : "43521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43521" - }, - { - "name" : "ADV-2010-2856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2856" - }, - { - "name" : "ADV-2011-0535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:234", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:234" + }, + { + "name": "RHSA-2010:0811", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2010-0811.html" + }, + { + "name": "http://cups.org/articles.php?L596", + "refsource": "CONFIRM", + "url": "http://cups.org/articles.php?L596" + }, + { + "name": "MDVSA-2010:232", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:232" + }, + { + "name": "ADV-2010-2856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2856" + }, + { + "name": "DSA-2176", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2176" + }, + { + "name": "GLSA-201207-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201207-10.xml" + }, + { + "name": "ADV-2011-0535", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0535" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=605397", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=605397" + }, + { + "name": "43521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43521" + }, + { + "name": "http://cups.org/str.php?L3510", + "refsource": "CONFIRM", + "url": "http://cups.org/str.php?L3510" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2721.json b/2010/2xxx/CVE-2010-2721.json index 1abc9b69eb3..6a9efad14f3 100644 --- a/2010/2xxx/CVE-2010-2721.json +++ b/2010/2xxx/CVE-2010-2721.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14244", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14244" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/lyrics-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/lyrics-sql.txt" - }, - { - "name" : "41394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41394" - }, - { - "name" : "66033", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66033" - }, - { - "name" : "40438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40438" - }, - { - "name" : "ADV-2010-1741", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1741" - }, - { - "name" : "lyricsv3engine-index-sql-injection(60118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1741" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/lyrics-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/lyrics-sql.txt" + }, + { + "name": "40438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40438" + }, + { + "name": "lyricsv3engine-index-sql-injection(60118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60118" + }, + { + "name": "14244", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14244" + }, + { + "name": "66033", + "refsource": "OSVDB", + "url": "http://osvdb.org/66033" + }, + { + "name": "41394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41394" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3197.json b/2010/3xxx/CVE-2010-3197.json index ab7379cfd16..0f355560105 100644 --- a/2010/3xxx/CVE-2010-3197.json +++ b/2010/3xxx/CVE-2010-3197.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" - }, - { - "name" : "IC67819", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819" - }, - { - "name" : "oval:org.mitre.oval:def:14430", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14430", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430" + }, + { + "name": "IC67819", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3473.json b/2010/3xxx/CVE-2010-3473.json index bce6c4b5544..82867f6a5af 100644 --- a/2010/3xxx/CVE-2010-3473.json +++ b/2010/3xxx/CVE-2010-3473.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" - }, - { - "name" : "PJ37180", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37180" - }, - { - "name" : "43272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43272" - }, - { - "name" : "41458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41458" - }, - { - "name" : "ADV-2010-2419", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" + }, + { + "name": "PJ37180", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37180" + }, + { + "name": "43272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43272" + }, + { + "name": "41458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41458" + }, + { + "name": "ADV-2010-2419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2419" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3510.json b/2010/3xxx/CVE-2010-3510.json index 1e7c82b88e7..bd6360935ab 100644 --- a/2010/3xxx/CVE-2010-3510.json +++ b/2010/3xxx/CVE-2010-3510.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45847" - }, - { - "name" : "1024981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024981" - }, - { - "name" : "42975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42975" - }, - { - "name" : "ADV-2011-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0143" - }, - { - "name" : "weblogic-node-manager-code-exec(64765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0143" + }, + { + "name": "45847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45847" + }, + { + "name": "weblogic-node-manager-code-exec(64765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64765" + }, + { + "name": "1024981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024981" + }, + { + "name": "42975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42975" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3600.json b/2010/3xxx/CVE-2010-3600.json index ae17c651886..83d8c49ea2e 100644 --- a/2010/3xxx/CVE-2010-3600.json +++ b/2010/3xxx/CVE-2010-3600.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-018/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-018/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45883" - }, - { - "name" : "1024972", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024972" - }, - { - "name" : "42895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42895" - }, - { - "name" : "42921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42921" - }, - { - "name" : "ADV-2011-0139", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0139" - }, - { - "name" : "ADV-2011-0140", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0140" - }, - { - "name" : "oracle-db-gridcontrol-unspecified(64755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0139", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0139" + }, + { + "name": "1024972", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024972" + }, + { + "name": "45883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45883" + }, + { + "name": "42895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42895" + }, + { + "name": "oracle-db-gridcontrol-unspecified(64755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64755" + }, + { + "name": "42921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42921" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-018/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-018/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "ADV-2011-0140", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0140" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3844.json b/2010/3xxx/CVE-2010-3844.json index 4a60daf7bb4..b8f8d912df0 100644 --- a/2010/3xxx/CVE-2010-3844.json +++ b/2010/3xxx/CVE-2010-3844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3923.json b/2010/3xxx/CVE-2010-3923.json index 76b4ca534c9..df7daad940c 100644 --- a/2010/3xxx/CVE-2010-3923.json +++ b/2010/3xxx/CVE-2010-3923.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://homepage2.nifty.com/hibara/software/atcs.htm", - "refsource" : "CONFIRM", - "url" : "http://homepage2.nifty.com/hibara/software/atcs.htm" - }, - { - "name" : "JVN#02175694", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN02175694/index.html" - }, - { - "name" : "JVNDB-2010-000066", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000066.html" - }, - { - "name" : "42672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42672" + }, + { + "name": "http://homepage2.nifty.com/hibara/software/atcs.htm", + "refsource": "CONFIRM", + "url": "http://homepage2.nifty.com/hibara/software/atcs.htm" + }, + { + "name": "JVNDB-2010-000066", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000066.html" + }, + { + "name": "JVN#02175694", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN02175694/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1369.json b/2011/1xxx/CVE-2011-1369.json index 43bb1ca9a99..7062f13e842 100644 --- a/2011/1xxx/CVE-2011-1369.json +++ b/2011/1xxx/CVE-2011-1369.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1369", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1369", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1564.json b/2011/1xxx/CVE-2011-1564.json index 2ac1072c6fd..8fab3c173a2 100644 --- a/2011/1xxx/CVE-2011-1564.json +++ b/2011/1xxx/CVE-2011-1564.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17025", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17025" - }, - { - "name" : "http://aluigi.org/adv/realwin_6-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/realwin_6-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf" - }, - { - "name" : "46937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46937" - }, - { - "name" : "43848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43848" - }, - { - "name" : "8177", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8177" - }, - { - "name" : "ADV-2011-0742", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46937" + }, + { + "name": "8177", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8177" + }, + { + "name": "http://aluigi.org/adv/realwin_6-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/realwin_6-adv.txt" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf" + }, + { + "name": "17025", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17025" + }, + { + "name": "43848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43848" + }, + { + "name": "ADV-2011-0742", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0742" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5037.json b/2011/5xxx/CVE-2011-5037.json index 2a89b0d82b0..9966180207c 100644 --- a/2011/5xxx/CVE-2011-5037.json +++ b/2011/5xxx/CVE-2011-5037.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" - }, - { - "name" : "http://www.nruns.com/_downloads/advisory28122011.pdf", - "refsource" : "MISC", - "url" : "http://www.nruns.com/_downloads/advisory28122011.pdf" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2011-003.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2011-003.html" - }, - { - "name" : "VU#903934", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/903934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nruns.com/_downloads/advisory28122011.pdf", + "refsource": "MISC", + "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" + }, + { + "name": "VU#903934", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/903934" + }, + { + "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2011-003.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2011-003.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5279.json b/2011/5xxx/CVE-2011-5279.json index 24991e104ac..7c0f299ea2f 100644 --- a/2011/5xxx/CVE-2011-5279.json +++ b/2011/5xxx/CVE-2011-5279.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \\n (newline) character in an HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140410 Re: iis cgi 0day", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/128" - }, - { - "name" : "20120401 FW: iis bug", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Apr/0" - }, - { - "name" : "20120402 Re: iis bug", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Apr/13" - }, - { - "name" : "20140409 iis cgi 0day", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/108" - }, - { - "name" : "20140419 Re: iis cgi 0day", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/247" - }, - { - "name" : "http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e", - "refsource" : "MISC", - "url" : "http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \\n (newline) character in an HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140419 Re: iis cgi 0day", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/247" + }, + { + "name": "20140410 Re: iis cgi 0day", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/128" + }, + { + "name": "20120401 FW: iis bug", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Apr/0" + }, + { + "name": "20140409 iis cgi 0day", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/108" + }, + { + "name": "http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e", + "refsource": "MISC", + "url": "http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e" + }, + { + "name": "20120402 Re: iis bug", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Apr/13" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3013.json b/2014/3xxx/CVE-2014-3013.json index f17a080834a..7128c794591 100644 --- a/2014/3xxx/CVE-2014-3013.json +++ b/2014/3xxx/CVE-2014-3013.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675415", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675415" - }, - { - "name" : "59259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59259" - }, - { - "name" : "ibm-curan-cve20143013-xss(93011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415" + }, + { + "name": "59259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59259" + }, + { + "name": "ibm-curan-cve20143013-xss(93011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3495.json b/2014/3xxx/CVE-2014-3495.json index e0f901dfdc9..f5ac6373620 100644 --- a/2014/3xxx/CVE-2014-3495.json +++ b/2014/3xxx/CVE-2014-3495.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3495", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3495", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3648.json b/2014/3xxx/CVE-2014-3648.json index 7fb59f2663e..6c7e46654ef 100644 --- a/2014/3xxx/CVE-2014-3648.json +++ b/2014/3xxx/CVE-2014-3648.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3648", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3648", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7067.json b/2014/7xxx/CVE-2014-7067.json index cce90aa0bbc..e87cc20cf7c 100644 --- a/2014/7xxx/CVE-2014-7067.json +++ b/2014/7xxx/CVE-2014-7067.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#959489", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/959489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#959489", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/959489" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7274.json b/2014/7xxx/CVE-2014-7274.json index a1d10044ba5..aec3c7494ff 100644 --- a/2014/7xxx/CVE-2014-7274.json +++ b/2014/7xxx/CVE-2014-7274.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/10/07/33" - }, - { - "name" : "http://pyropus.ca/software/getmail/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://pyropus.ca/software/getmail/CHANGELOG" - }, - { - "name" : "DSA-3091", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3091" - }, - { - "name" : "openSUSE-SU-2014:1315", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" - }, - { - "name" : "61229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1315", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" + }, + { + "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/10/07/33" + }, + { + "name": "DSA-3091", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3091" + }, + { + "name": "61229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61229" + }, + { + "name": "http://pyropus.ca/software/getmail/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://pyropus.ca/software/getmail/CHANGELOG" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7428.json b/2014/7xxx/CVE-2014-7428.json index 937b0a67eef..0404187508b 100644 --- a/2014/7xxx/CVE-2014-7428.json +++ b/2014/7xxx/CVE-2014-7428.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#808569", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/808569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#808569", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/808569" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7497.json b/2014/7xxx/CVE-2014-7497.json index de19ac41d38..3b83d3a2a2d 100644 --- a/2014/7xxx/CVE-2014-7497.json +++ b/2014/7xxx/CVE-2014-7497.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Portfolium (aka com.wPortfolium) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#588305", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/588305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Portfolium (aka com.wPortfolium) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#588305", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/588305" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7800.json b/2014/7xxx/CVE-2014-7800.json index 6c94fc40055..5d6f4628a34 100644 --- a/2014/7xxx/CVE-2014-7800.json +++ b/2014/7xxx/CVE-2014-7800.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#284089", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/284089" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#284089", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/284089" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8078.json b/2014/8xxx/CVE-2014-8078.json index 7e1a66da1e0..503283177a7 100644 --- a/2014/8xxx/CVE-2014-8078.json +++ b/2014/8xxx/CVE-2014-8078.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/2231671", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2231671" - }, - { - "name" : "https://www.drupal.org/node/2231191", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2231191" - }, - { - "name" : "https://www.drupal.org/node/2231197", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2231197" - }, - { - "name" : "https://www.drupal.org/node/2231199", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2231199" - }, - { - "name" : "57402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57402" - }, - { - "name" : "print-drupal-node-xss(92349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2231191", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2231191" + }, + { + "name": "57402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57402" + }, + { + "name": "https://www.drupal.org/node/2231197", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2231197" + }, + { + "name": "https://drupal.org/node/2231671", + "refsource": "MISC", + "url": "https://drupal.org/node/2231671" + }, + { + "name": "https://www.drupal.org/node/2231199", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2231199" + }, + { + "name": "print-drupal-node-xss(92349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92349" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8228.json b/2014/8xxx/CVE-2014-8228.json index 72c34e888eb..a0f1194e3fc 100644 --- a/2014/8xxx/CVE-2014-8228.json +++ b/2014/8xxx/CVE-2014-8228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8228", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8228", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8410.json b/2014/8xxx/CVE-2014-8410.json index dcd4334a1fa..f1ec5405474 100644 --- a/2014/8xxx/CVE-2014-8410.json +++ b/2014/8xxx/CVE-2014-8410.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8410", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8410", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8667.json b/2014/8xxx/CVE-2014-8667.json index 7fb3b4f49a3..0eea3bb84af 100644 --- a/2014/8xxx/CVE-2014-8667.json +++ b/2014/8xxx/CVE-2014-8667.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "http://service.sap.com/sap/support/notes/0002069676", - "refsource" : "MISC", - "url" : "http://service.sap.com/sap/support/notes/0002069676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.sap.com/sap/support/notes/0002069676", + "refsource": "MISC", + "url": "http://service.sap.com/sap/support/notes/0002069676" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8837.json b/2014/8xxx/CVE-2014-8837.json index b3d9b489b73..c87bcc0edfd 100644 --- a/2014/8xxx/CVE-2014-8837.json +++ b/2014/8xxx/CVE-2014-8837.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - }, - { - "name" : "macosx-cve20148837-priv-esc(100491)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "macosx-cve20148837-priv-esc(100491)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100491" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9022.json b/2014/9xxx/CVE-2014-9022.json index b4e0268a465..dd1af7ecf1b 100644 --- a/2014/9xxx/CVE-2014-9022.json +++ b/2014/9xxx/CVE-2014-9022.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the \"disabled\" restriction and modify read-only components via a crafted form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2373973", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2373973" - }, - { - "name" : "https://www.drupal.org/node/2373471", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2373471" - }, - { - "name" : "https://www.drupal.org/node/2373473", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2373473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the \"disabled\" restriction and modify read-only components via a crafted form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2373471", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2373471" + }, + { + "name": "https://www.drupal.org/node/2373473", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2373473" + }, + { + "name": "https://www.drupal.org/node/2373973", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2373973" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9025.json b/2014/9xxx/CVE-2014-9025.json index eb48a2781f3..c83366de758 100644 --- a/2014/9xxx/CVE-2014-9025.json +++ b/2014/9xxx/CVE-2014-9025.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2336357", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2336357" - }, - { - "name" : "https://www.drupal.org/node/2336327", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2336327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2336327", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2336327" + }, + { + "name": "https://www.drupal.org/node/2336357", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2336357" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2173.json b/2016/2xxx/CVE-2016-2173.json index f94f9a2e08e..ed827f539c4 100644 --- a/2016/2xxx/CVE-2016-2173.json +++ b/2016/2xxx/CVE-2016-2173.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1326205", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1326205" - }, - { - "name" : "https://pivotal.io/security/cve-2016-2173", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2016-2173" - }, - { - "name" : "FEDORA-2016-005ac9cfd5", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html" - }, - { - "name" : "FEDORA-2016-6cf17ad0df", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html" - }, - { - "name" : "FEDORA-2016-f099190fee", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-6cf17ad0df", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html" + }, + { + "name": "FEDORA-2016-005ac9cfd5", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html" + }, + { + "name": "https://pivotal.io/security/cve-2016-2173", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2016-2173" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205" + }, + { + "name": "FEDORA-2016-f099190fee", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2176.json b/2016/2xxx/CVE-2016-2176.json index 2207ced037c..9f63aa718db 100644 --- a/2016/2xxx/CVE-2016-2176.json +++ b/2016/2xxx/CVE-2016-2176.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561" - }, - { - "name" : "https://www.openssl.org/news/secadv/20160503.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20160503.txt" - }, - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa123", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa123" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160504-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160504-0001/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl" - }, - { - "name" : "GLSA-201612-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-16" - }, - { - "name" : "SSA:2016-124-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "89746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89746" - }, - { - "name" : "1035721", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2016-124-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561" + }, + { + "name": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160" + }, + { + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" + }, + { + "name": "1035721", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035721" + }, + { + "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "89746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89746" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160504-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160504-0001/" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "https://www.openssl.org/news/secadv/20160503.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160503.txt" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa123", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa123" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2287.json b/2016/2xxx/CVE-2016-2287.json index 891c0800c9b..cabe2bfe31c 100644 --- a/2016/2xxx/CVE-2016-2287.json +++ b/2016/2xxx/CVE-2016-2287.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2560.json b/2016/2xxx/CVE-2016-2560.json index c755f4a3fe4..9d2c8055217 100644 --- a/2016/2xxx/CVE-2016-2560.json +++ b/2016/2xxx/CVE-2016-2560.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-11/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-11/" - }, - { - "name" : "DSA-3627", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3627" - }, - { - "name" : "FEDORA-2016-65da02b95c", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html" - }, - { - "name" : "FEDORA-2016-02ee5b4002", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html" - }, - { - "name" : "openSUSE-SU-2016:0663", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:0666", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-65da02b95c", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-11/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-11/" + }, + { + "name": "DSA-3627", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3627" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc" + }, + { + "name": "FEDORA-2016-02ee5b4002", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32" + }, + { + "name": "openSUSE-SU-2016:0666", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078" + }, + { + "name": "openSUSE-SU-2016:0663", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2708.json b/2016/2xxx/CVE-2016-2708.json index c9e1a2e4b76..fcb5d6cceeb 100644 --- a/2016/2xxx/CVE-2016-2708.json +++ b/2016/2xxx/CVE-2016-2708.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2708", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2708", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2787.json b/2016/2xxx/CVE-2016-2787.json index 5ceecc21394..0019f4ec0a4 100644 --- a/2016/2xxx/CVE-2016-2787.json +++ b/2016/2xxx/CVE-2016-2787.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://puppet.com/security/cve/CVE-2016-2787", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/CVE-2016-2787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/CVE-2016-2787", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/CVE-2016-2787" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6124.json b/2016/6xxx/CVE-2016-6124.json index bbcb3533ee0..b0621dc1ad6 100644 --- a/2016/6xxx/CVE-2016-6124.json +++ b/2016/6xxx/CVE-2016-6124.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LMS on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "13.0" - }, - { - "version_value" : "13.1" - }, - { - "version_value" : "13.2" - }, - { - "version_value" : "13.2.2" - }, - { - "version_value" : "13.2.3" - }, - { - "version_value" : "13.2.4" - }, - { - "version_value" : "14.0.0" - }, - { - "version_value" : "14.1.0" - }, - { - "version_value" : "14.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LMS on Cloud", + "version": { + "version_data": [ + { + "version_value": "13.0" + }, + { + "version_value": "13.1" + }, + { + "version_value": "13.2" + }, + { + "version_value": "13.2.2" + }, + { + "version_value": "13.2.3" + }, + { + "version_value": "13.2.4" + }, + { + "version_value": "14.0.0" + }, + { + "version_value": "14.1.0" + }, + { + "version_value": "14.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993982", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993982" - }, - { - "name" : "94306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993982", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993982" + }, + { + "name": "94306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94306" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6397.json b/2016/6xxx/CVE-2016-6397.json index 684e4cfb45e..c4ad86f7864 100644 --- a/2016/6xxx/CVE-2016-6397.json +++ b/2016/6xxx/CVE-2016-6397.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IPICS 4.8(1) to 4.10(1)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IPICS 4.8(1) to 4.10(1)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IPICS 4.8(1) to 4.10(1)", + "version": { + "version_data": [ + { + "version_value": "Cisco IPICS 4.8(1) to 4.10(1)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics" - }, - { - "name" : "93913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics" + }, + { + "name": "93913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93913" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6424.json b/2016/6xxx/CVE-2016-6424.json index 09cc20db437..8f4417bff5b 100644 --- a/2016/6xxx/CVE-2016-6424.json +++ b/2016/6xxx/CVE-2016-6424.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161005 Cisco ASA Software DHCP Relay Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-asa-dhcp" - }, - { - "name" : "93408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93408" - }, - { - "name" : "1036961", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20161005 Cisco ASA Software DHCP Relay Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-asa-dhcp" + }, + { + "name": "93408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93408" + }, + { + "name": "1036961", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036961" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6429.json b/2016/6xxx/CVE-2016-6429.json index e15897251fe..3f140628f67 100644 --- a/2016/6xxx/CVE-2016-6429.json +++ b/2016/6xxx/CVE-2016-6429.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IP Interoperability and Collaboration System 4.10(1)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IP Interoperability and Collaboration System 4.10(1)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IP Interoperability and Collaboration System 4.10(1)", + "version": { + "version_data": [ + { + "version_value": "Cisco IP Interoperability and Collaboration System 4.10(1)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1" - }, - { - "name" : "93915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1" + }, + { + "name": "93915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93915" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18091.json b/2017/18xxx/CVE-2017-18091.json index 752ed008d6d..0a2be6bb429 100644 --- a/2017/18xxx/CVE-2017-18091.json +++ b/2017/18xxx/CVE-2017-18091.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-16T00:00:00", - "ID" : "CVE-2017-18091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye and Crucible", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 4.4.3" - }, - { - "version_value" : "prior to 4.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-16T00:00:00", + "ID": "CVE-2017-18091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye and Crucible", + "version": { + "version_data": [ + { + "version_value": "prior to 4.4.3" + }, + { + "version_value": "prior to 4.5.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8173", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CRUC-8173" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-7006", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-7006" - }, - { - "name" : "103079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/FE-7006", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-7006" + }, + { + "name": "https://jira.atlassian.com/browse/CRUC-8173", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CRUC-8173" + }, + { + "name": "103079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103079" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5085.json b/2017/5xxx/CVE-2017-5085.json index fb42831f0cb..86b5b10ecc3 100644 --- a/2017/5xxx/CVE-2017-5085.json +++ b/2017/5xxx/CVE-2017-5085.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59 for iOS", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59 for iOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59 for iOS", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59 for iOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/692378", - "refsource" : "MISC", - "url" : "https://crbug.com/692378" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1399", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1399" - }, - { - "name" : "98861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98861" - }, - { - "name" : "1038622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98861" + }, + { + "name": "RHSA-2017:1399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1399" + }, + { + "name": "1038622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038622" + }, + { + "name": "https://crbug.com/692378", + "refsource": "MISC", + "url": "https://crbug.com/692378" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5133.json b/2017/5xxx/CVE-2017-5133.json index 853f0418958..5a0cbdc9c05 100644 --- a/2017/5xxx/CVE-2017-5133.json +++ b/2017/5xxx/CVE-2017-5133.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 62.0.3202.62", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 62.0.3202.62" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds read and write" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 62.0.3202.62", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 62.0.3202.62" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/762106", - "refsource" : "MISC", - "url" : "https://crbug.com/762106" - }, - { - "name" : "DSA-4020", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4020" - }, - { - "name" : "GLSA-201710-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-24" - }, - { - "name" : "RHSA-2017:2997", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2997" - }, - { - "name" : "101482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds read and write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101482" + }, + { + "name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/762106", + "refsource": "MISC", + "url": "https://crbug.com/762106" + }, + { + "name": "DSA-4020", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4020" + }, + { + "name": "RHSA-2017:2997", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2997" + }, + { + "name": "GLSA-201710-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-24" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5205.json b/2017/5xxx/CVE-2017-5205.json index 2aba3d8560b..7bcbbae89e5 100644 --- a/2017/5xxx/CVE-2017-5205.json +++ b/2017/5xxx/CVE-2017-5205.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5320.json b/2017/5xxx/CVE-2017-5320.json index 80c54e2b9c7..ba8272beee5 100644 --- a/2017/5xxx/CVE-2017-5320.json +++ b/2017/5xxx/CVE-2017-5320.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5320", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5320", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5587.json b/2017/5xxx/CVE-2017-5587.json index 9ab8cc906b9..d510dba90f7 100644 --- a/2017/5xxx/CVE-2017-5587.json +++ b/2017/5xxx/CVE-2017-5587.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file