diff --git a/2006/0xxx/CVE-2006-0281.json b/2006/0xxx/CVE-2006-0281.json
index 07837cd493b..b9d8ff8ecb7 100644
--- a/2006/0xxx/CVE-2006-0281.json
+++ b/2006/0xxx/CVE-2006-0281.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - 
"name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/0xxx/CVE-2006-0337.json b/2006/0xxx/CVE-2006-0337.json
index 7dd476ce910..bb836fd8495 100644
--- a/2006/0xxx/CVE-2006-0337.json
+++ b/2006/0xxx/CVE-2006-0337.json
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/security/fsc-2006-1.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2006-1.shtml" - }, - { - "name" : "Q-103", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/q-103.shtml" - }, - { - "name" : "16309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16309" - }, - { - "name" : "ADV-2006-0257", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0257" - }, - { - "name" : "22632", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22632" - }, - { - "name" : "1015507", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015507" - }, - { - "name" : "1015508", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015508" - }, - { - "name" : "1015509", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015509" - }, - { - "name" : "1015510", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015510" - }, - { - "name" : "18529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18529" - }, - { - "name" : "fsecure-zip-bo(24198)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.f-secure.com/security/fsc-2006-1.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2006-1.shtml" + }, + { + "name": "1015510", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015510" + }, + { + "name": "18529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18529" + }, + { + "name": "22632", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22632" + }, + { + "name": "fsecure-zip-bo(24198)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24198" + }, + { + "name": "1015509", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015509" + }, + { + "name": "16309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16309" + }, + { + "name": "Q-103", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/q-103.shtml" + }, + { + "name": "1015508", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015508" + }, + { + "name": "1015507", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015507" + }, + { + "name": "ADV-2006-0257", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0257" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0504.json b/2006/0xxx/CVE-2006-0504.json index 528e923d555..af7772fadbb 100644 --- a/2006/0xxx/CVE-2006-0504.json +++ b/2006/0xxx/CVE-2006-0504.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing \"formatted quoted-printable emails\" via webmail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mailenable.com/enterprisehistory.asp", - "refsource" : "CONFIRM", - "url" : "http://www.mailenable.com/enterprisehistory.asp" - }, - { - "name" : "18716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18716" - }, - { - "name" : "mailenable-webmail-dos(24517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing \"formatted 
quoted-printable emails\" via webmail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mailenable.com/enterprisehistory.asp", + "refsource": "CONFIRM", + "url": "http://www.mailenable.com/enterprisehistory.asp" + }, + { + "name": "18716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18716" + }, + { + "name": "mailenable-webmail-dos(24517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24517" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0780.json b/2006/0xxx/CVE-2006-0780.json index 88ae98ddaba..7935b14786d 100644 --- a/2006/0xxx/CVE-2006-0780.json +++ b/2006/0xxx/CVE-2006-0780.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060227 [eVuln] PerlBlog Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426260/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/81/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/81/summary.html" - }, - { - "name" : "16707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16707" - }, - { - "name" : "18924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18924" - }, - { - "name" : "508", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/508" - }, - { - "name" : "perlblog-weblog-xss(24691)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "perlblog-weblog-xss(24691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24691" + }, + { + "name": "20060227 [eVuln] PerlBlog Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426260/100/0/threaded" + }, + { + "name": "http://evuln.com/vulns/81/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/81/summary.html" + }, + { + "name": "508", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/508" + }, + { + "name": "18924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18924" + }, + { + "name": "16707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16707" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0896.json b/2006/0xxx/CVE-2006-0896.json index 0f2d7118bec..8eabb5c2f5c 100644 --- a/2006/0xxx/CVE-2006-0896.json +++ b/2006/0xxx/CVE-2006-0896.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060306 [eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426824/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/86/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/86/summary.html" - }, - { - "name" : "20060410 VEndor ACK: Simple Machines Forum Register.php X-Forwarded-For XSS", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-April/000682.html" - }, - { - "name" : "http://www.simplemachines.org/community/index.php?topic=78841.0", - "refsource" : "CONFIRM", - "url" : "http://www.simplemachines.org/community/index.php?topic=78841.0" - }, - { - "name" 
: "16841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16841" - }, - { - "name" : "ADV-2006-0726", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0726" - }, - { - "name" : "23480", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23480" - }, - { - "name" : "19004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19004" - }, - { - "name" : "545", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/545" - }, - { - "name" : "smf-register-xss(24915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0726", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0726" + }, + { + "name": "545", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/545" + }, + { + "name": "http://evuln.com/vulns/86/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/86/summary.html" + }, + { + "name": "19004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19004" + }, + { + "name": "23480", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23480" + }, + { + "name": "20060410 VEndor ACK: Simple Machines Forum Register.php X-Forwarded-For XSS", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-April/000682.html" + }, + { + "name": "http://www.simplemachines.org/community/index.php?topic=78841.0", + "refsource": "CONFIRM", + "url": "http://www.simplemachines.org/community/index.php?topic=78841.0" + }, + { + "name": "16841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16841" + }, + { + "name": "smf-register-xss(24915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24915" + }, + { + "name": "20060306 [eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426824/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1615.json b/2006/1xxx/CVE-2006-1615.json index 8255c74c472..7d61ae97a78 100644 --- a/2006/1xxx/CVE-2006-1615.json +++ b/2006/1xxx/CVE-2006-1615.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638" - }, - { - "name" : "http://up2date.astaro.com/2006/05/low_up2date_6202.html", - "refsource" : "CONFIRM", - "url" : "http://up2date.astaro.com/2006/05/low_up2date_6202.html" - }, - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "DSA-1024", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2006/dsa-1024" - }, - { - "name" : "GLSA-200604-06", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml" - }, - { - "name" : "MDKSA-2006:067", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067" - }, - { - "name" : "SUSE-SA:2006:020", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html" - }, - { - "name" : "2006-0020", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0020" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17388" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1258", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1258" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "24458", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24458" - }, - { - "name" : "19534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19534" - }, - { - "name" : "19536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19536" - }, - { - "name" : "19570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19570" - }, - { - "name" : "19608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19608" - }, - { - "name" : "19564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19564" - }, - { - "name" : "19567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19567" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - }, - { - "name" : 
"23719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23719" - }, - { - "name" : "clamav-output-format-string(25661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19567" + }, + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1258", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1258" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638" + }, + { + "name": "24458", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24458" + }, + { + "name": "19570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19570" + }, + { + "name": "http://up2date.astaro.com/2006/05/low_up2date_6202.html", + "refsource": "CONFIRM", + "url": 
"http://up2date.astaro.com/2006/05/low_up2date_6202.html" + }, + { + "name": "GLSA-200604-06", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml" + }, + { + "name": "19608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19608" + }, + { + "name": "19534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19534" + }, + { + "name": "19564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19564" + }, + { + "name": "19536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19536" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "SUSE-SA:2006:020", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html" + }, + { + "name": "MDKSA-2006:067", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067" + }, + { + "name": "17388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17388" + }, + { + "name": "DSA-1024", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1024" + }, + { + "name": "23719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23719" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "clamav-output-format-string(25661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25661" + }, + { + "name": "2006-0020", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0020" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3083.json b/2006/3xxx/CVE-2006-3083.json index 3ad15c11d5f..92a144c90fd 100644 --- a/2006/3xxx/CVE-2006-3083.json +++ b/2006/3xxx/CVE-2006-3083.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442599/100/0/threaded" - }, - { - "name" : "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443498/100/100/threaded" - }, - { - "name" : "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt", - "refsource" : "CONFIRM", - "url" : 
"http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm" - }, - { - "name" : "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt" - }, - { - "name" : "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/", - "refsource" : "CONFIRM", - "url" : "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/" - }, - { - "name" : "DSA-1146", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1146" - }, - { - "name" : "GLSA-200608-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml" - }, - { - "name" : "GLSA-200608-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-21.xml" - }, - { - "name" : "MDKSA-2006:139", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:139" - }, - { - "name" : "RHSA-2006:0612", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0612.html" - }, - { - "name" : "SUSE-SR:2006:020", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_20_sr.html" - }, - { - "name" : "SUSE-SR:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_22_sr.html" - }, - { - "name" : "USN-334-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-334-1" - }, - { - "name" : "VU#580124", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/580124" - }, - { - "name" : "19427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19427" - }, - { - "name" : "oval:org.mitre.oval:def:9515", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515" - }, - { - "name" : "ADV-2006-3225", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3225" - }, - { - "name" : "27869", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27869" - }, - { - "name" : "27870", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27870" - }, - { - "name" : "1016664", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016664" - }, - { - "name" : "21423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21423" - }, - { - "name" : "21436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21436" - }, - { - "name" : "21439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21439" - }, - { - "name" : "21461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21461" - }, - { - "name" : "21402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21402" - }, - { - "name" : "21441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21441" - }, - { - "name" : "21456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21456" - }, - { - "name" : "21527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21527" - }, - { - "name" : "22291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22291" - }, - { - "name" : "21613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21613" - }, - { - "name" : "21847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21847" - }, - { - "name" : "21467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 
(krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:139", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:139" + }, + { + "name": "VU#580124", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/580124" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm" + }, + { + "name": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt" + }, + { + "name": "27869", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27869" + }, + { + "name": "21847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21847" + }, + { + "name": "SUSE-SR:2006:020", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html" + }, + { + "name": "GLSA-200608-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-21.xml" + }, + { + "name": "21461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21461" + }, + { + "name": "21467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21467" + }, + { + "name": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt" + }, + { + "name": "DSA-1146", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2006/dsa-1146" + }, + { + "name": "RHSA-2006:0612", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0612.html" + }, + { + "name": "21436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21436" + }, + { + "name": "ADV-2006-3225", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3225" + }, + { + "name": "21527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21527" + }, + { + "name": "27870", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27870" + }, + { + "name": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/", + "refsource": "CONFIRM", + "url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/" + }, + { + "name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:9515", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515" + }, + { + "name": "21439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21439" + }, + { + "name": "21402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21402" + }, + { + "name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded" + }, + { + "name": "21613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21613" + }, + { + "name": "SUSE-SR:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html" + }, + { + "name": "1016664", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016664" + }, + { + "name": "21441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21441" + }, + { + 
"name": "22291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22291" + }, + { + "name": "21456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21456" + }, + { + "name": "GLSA-200608-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml" + }, + { + "name": "21423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21423" + }, + { + "name": "USN-334-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-334-1" + }, + { + "name": "19427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19427" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3433.json b/2006/3xxx/CVE-2006-3433.json index b8233e17c72..825d5244d8d 100644 --- a/2006/3xxx/CVE-2006-3433.json +++ b/2006/3xxx/CVE-2006-3433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3433", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-3433", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3674.json b/2006/3xxx/CVE-2006-3674.json index 6e5eb4e8673..8885ef4fb8b 100644 --- a/2006/3xxx/CVE-2006-3674.json 
+++ b/2006/3xxx/CVE-2006-3674.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/atrondos-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/atrondos-adv.txt" - }, - { - "name" : "19015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19015" - }, - { - "name" : "ADV-2006-2836", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2836" - }, - { - "name" : "21093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21093" - }, - { - "name" : "1239", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1239" - }, - { - "name" : "armagetron-nnetobject-dos(27787)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27787" - }, - { - 
"name" : "armagetron-idreqhandler-dos(27793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "armagetron-idreqhandler-dos(27793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27793" + }, + { + "name": "1239", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1239" + }, + { + "name": "armagetron-nnetobject-dos(27787)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27787" + }, + { + "name": "21093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21093" + }, + { + "name": "ADV-2006-2836", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2836" + }, + { + "name": "http://aluigi.altervista.org/adv/atrondos-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/atrondos-adv.txt" + }, + { + "name": "19015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19015" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3729.json b/2006/3xxx/CVE-2006-3729.json index cda57dd971a..2bd08eb92f9 100644 --- a/2006/3xxx/CVE-2006-3729.json +++ b/2006/3xxx/CVE-2006-3729.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html" - }, - { - "name" : "19069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19069" - }, - { - "name" : "ADV-2006-2883", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2883" - }, - { - "name" : "27111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27111" - }, - { - "name" : "ie-datasourcecontrol-dos(27803)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2883", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2883" + }, + { + "name": "ie-datasourcecontrol-dos(27803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27803" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html" + }, + { + "name": "27111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27111" + }, + { + "name": "19069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19069" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4222.json b/2006/4xxx/CVE-2006-4222.json index ca2f4716eff..582caf23edf 100644 --- a/2006/4xxx/CVE-2006-4222.json +++ b/2006/4xxx/CVE-2006-4222.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an \"authority problem\" in ThreadIdentitySupport as identified by PK25199, and \"Potential security exposure\" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213" - }, - { - "name" : "ADV-2006-3281", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3281" - }, - { - "name" : "21487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an \"authority problem\" in ThreadIdentitySupport as identified by PK25199, and \"Potential security exposure\" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3281", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3281" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213" + }, + { + "name": "21487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21487" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4919.json b/2006/4xxx/CVE-2006-4919.json index c8a810c0a00..79444382486 100644 --- a/2006/4xxx/CVE-2006-4919.json +++ b/2006/4xxx/CVE-2006-4919.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090915 Site@School 2.4.02 and below Multiple remote Command", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=115869368313367&w=2" - }, - { - "name" : "2374", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2374" - }, - { - "name" : "20053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20053" - }, - { - "name" : "ADV-2006-3664", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3664" - }, - { - "name" : "1016887", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016887" - }, - { - "name" : "21975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21975" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090915 Site@School 2.4.02 and below Multiple remote Command", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=115869368313367&w=2" + }, + { + "name": "2374", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2374" + }, + { + "name": "ADV-2006-3664", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3664" + }, + { + "name": "21975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21975" + }, + { + "name": "1016887", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016887" + }, + { + "name": "20053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20053" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2010.json b/2010/2xxx/CVE-2010-2010.json index d4015a5c461..3cc67b81ee1 100644 --- a/2010/2xxx/CVE-2010-2010.json +++ b/2010/2xxx/CVE-2010-2010.json 
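Review bot: The BUGTRAQ reference kept on the new side as `"name": "20090915 Site@School 2.4.02 and below Multiple remote Command"` carries a 2009 date prefix, which looks inconsistent with the 2006 identifiers in the same record (CVE-2006-4919, `ADV-2006-3664`). This hunk only re-indents and reorders the entry, so the value predates the change. It is still worth checking the prefix against the linked post and correcting it if it turns out to be a typo. The title also appears to be cut off after "Command", which may make the reference harder to match against the mailing-list archive.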
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/803944", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/803944" - }, - { - "name" : "40285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40285" - }, - { - "name" : "39884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39884" - }, - { - "name" : "chaos-tool-titles-xss(58721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 
6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chaos-tool-titles-xss(58721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721" + }, + { + "name": "39884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39884" + }, + { + "name": "http://drupal.org/node/803944", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/803944" + }, + { + "name": "40285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40285" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2054.json b/2010/2xxx/CVE-2010-2054.json index 457fe2083f2..4d0b4e60926 100644 --- a/2010/2xxx/CVE-2010-2054.json +++ b/2010/2xxx/CVE-2010-2054.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100601 SFCB vulnerabilities", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=bugtraq&m=127549079109192&w=2" - }, - { - "name" : "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86", - "refsource" : "CONFIRM", - "url" : "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784", - "refsource" : "CONFIRM", - "url" : 
"http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784" - }, - { - "name" : "40018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40018" - }, - { - "name" : "ADV-2010-1312", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40018" + }, + { + "name": "ADV-2010-1312", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1312" + }, + { + "name": "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86", + "refsource": "CONFIRM", + "url": "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784" + }, + { + "name": "[oss-security] 20100601 SFCB vulnerabilities", + "refsource": "MLIST", + "url": "http://marc.info/?l=bugtraq&m=127549079109192&w=2" + } + ] + } +} \ No newline at end of file 
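Review bot: The `ASSIGNER` value for CVE-2010-2054 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line in it is whitespace normalisation or a reordering of `reference_data`. Consumers that attribute or route records by assigner will see a provenance change that is easy to miss inside a formatting diff. It would be clearer to carry it in a separate commit or name it in the commit message. The page does not show why the record was reassigned, so the new value may well be intended.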
diff --git a/2010/2xxx/CVE-2010-2324.json b/2010/2xxx/CVE-2010-2324.json
index a309df6b7cd..22a41f686d2 100644
--- a/2010/2xxx/CVE-2010-2324.json
+++ b/2010/2xxx/CVE-2010-2324.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified \"link injection\" actions via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM09250", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09250" - }, - { - "name" : "PM15829", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829" - }, - { - "name" : "40096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40096" - }, - { - "name" : "ADV-2010-1411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified \"link injection\" actions via 
unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1411" + }, + { + "name": "PM15829", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829" + }, + { + "name": "PM09250", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09250" + }, + { + "name": "40096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40096" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2361.json b/2010/2xxx/CVE-2010-2361.json index aa997df32f0..d8fe893bf5c 100644 --- a/2010/2xxx/CVE-2010-2361.json +++ b/2010/2xxx/CVE-2010-2361.json 
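Review bot: The `reference_data` array in this hunk is not only respaced: its four entries come back in a different order (old side PM09250, PM15829, 40096, ADV-2010-1411; new side ADV-2010-1411, PM15829, PM09250, 40096), so the hunk cannot be signed off as whitespace-only by reading it. The same reshuffle appears in the CVE-2010-2361, CVE-2010-2993, CVE-2010-3770 and CVE-2010-3976 hunks, and the CVE-2010-3976 and CVE-2010-4462 hunks also change a value, `"ASSIGNER": "cve@mitre.org"` becoming `"ASSIGNER": "psirt@adobe.com"` and `"ASSIGNER": "secalert_us@oracle.com"` respectively. I would have whatever tool writes these records emit references in a fixed order (for example sorted by `refsource`, then `name`) and land the ASSIGNER corrections as their own commit, so that a parsed old-versus-new comparison of a formatting pass shows no differences and a changed attribution field is reviewed on purpose. The new side of each file also ends with `\ No newline at end of file`; keeping the trailing newline would stop the last line from showing up as changed in later diffs of these records.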
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#54336184", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN54336184/index.html" - }, - { - "name" : "JVNDB-2010-000027", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000027.html" - }, - { - "name" : "winny-bbs-dos(61278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#54336184", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN54336184/index.html" + }, + { + "name": "winny-bbs-dos(61278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61278" + }, + { + "name": "JVNDB-2010-000027", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000027.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2993.json b/2010/2xxx/CVE-2010-2993.json index 95abe63c394..5795cf2208e 100644 --- a/2010/2xxx/CVE-2010-2993.json +++ b/2010/2xxx/CVE-2010-2993.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html" - }, - { - "name" : "SUSE-SR:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:12031", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12031" - }, - { - "name" : "42877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42877" - }, - { - "name" : "43068", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0076" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:12031", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12031" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "42877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42877" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html" + }, + { + "name": "ADV-2011-0076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0076" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/3xxx/CVE-2010-3365.json b/2010/3xxx/CVE-2010-3365.json
index ce918c26958..effac6200f1 100644
--- a/2010/3xxx/CVE-2010-3365.json
+++ b/2010/3xxx/CVE-2010-3365.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3610.json b/2010/3xxx/CVE-2010-3610.json index 79849e0b08a..0d21d0455b2 100644 --- a/2010/3xxx/CVE-2010-3610.json +++ b/2010/3xxx/CVE-2010-3610.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3610", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3610", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3770.json b/2010/3xxx/CVE-2010-3770.json index aac8cc1e9bf..528178dc82d 100644 --- a/2010/3xxx/CVE-2010-3770.json +++ b/2010/3xxx/CVE-2010-3770.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=601429", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=601429" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100124650", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100124650" - }, - { - "name" : "DSA-2132", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2010/dsa-2132" - }, - { - "name" : "FEDORA-2010-18773", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" - }, - { - "name" : "FEDORA-2010-18775", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" - }, - { - "name" : "FEDORA-2010-18890", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" - }, - { - "name" : "FEDORA-2010-18920", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" - }, - { - "name" : "MDVSA-2010:251", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" - }, - { - "name" : "RHSA-2010:0966", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html" - }, - { - "name" : "SUSE-SA:2011:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" - }, - { - "name" : "USN-1019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1019-1" - }, - { - "name" : "45353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45353" - }, - { - "name" : "oval:org.mitre.oval:def:12348", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348" - }, - { - "name" : "1024851", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024851" - }, - { - "name" : "42716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42716" - }, - { - "name" : "42818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42818" - }, - { - "name" : "ADV-2011-0030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0030" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45353" + }, + { + "name": "SUSE-SA:2011:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" + }, + { + "name": "FEDORA-2010-18775", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" + }, + { + "name": "MDVSA-2010:251", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=601429", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=601429" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100124650", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100124650" + }, + { + "name": "RHSA-2010:0966", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html" + }, + { + "name": "USN-1019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1019-1" + }, + { + "name": "42818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42818" + }, + { + "name": "oval:org.mitre.oval:def:12348", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348" + }, + { + "name": "DSA-2132", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2132" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html" + }, + { + "name": "FEDORA-2010-18920", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" + }, + { + "name": "ADV-2011-0030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0030" + }, + { + "name": "FEDORA-2010-18890", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" + }, + { + "name": "1024851", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024851" + }, + { + "name": "42716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42716" + }, + { + "name": "FEDORA-2010-18773", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3976.json b/2010/3xxx/CVE-2010-3976.json index 6ef32387a97..4815946e8ee 100644 --- a/2010/3xxx/CVE-2010-3976.json +++ b/2010/3xxx/CVE-2010-3976.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html" - }, - { - "name" : "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514653/100/0/threaded" - }, - { - "name" : "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29", - "refsource" : "MISC", - 
"url" : "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29" - }, - { - "name" : "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt", - "refsource" : "MISC", - "url" : "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02663", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2" - }, - { - "name" : "SSRT100428", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2" - }, - { - "name" : "SUSE-SA:2010:055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" - }, - { - "name" : "44671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44671" - }, - { - "name" : "oval:org.mitre.oval:def:6926", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-2903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2903" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "oval:org.mitre.oval:def:6926", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926" + }, + { + "name": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29", + "refsource": "MISC", + "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": 
"http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt", + "refsource": "MISC", + "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt" + }, + { + "name": "SUSE-SA:2010:055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" + }, + { + "name": "SSRT100428", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2" + }, + { + "name": "ADV-2010-2903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2903" + }, + { + "name": "HPSBMA02663", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" + }, + { + "name": "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html" + }, + { + "name": "44671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44671" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4462.json b/2010/4xxx/CVE-2010-4462.json index f4843f85d74..d0c5a4a42e5 100644 --- a/2010/4xxx/CVE-2010-4462.json +++ b/2010/4xxx/CVE-2010-4462.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:0282", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SA:2011:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" - }, - { - "name" : "SUSE-SU-2011:0823", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" - }, - { - "name" : "oval:org.mitre.oval:def:12841", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12841" - }, - { - "name" : "oval:org.mitre.oval:def:14039", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14039" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - }, - { - "name" : "49198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12841", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12841" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SUSE-SU-2011:0823", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "RHSA-2011:0282", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2011-0282.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "49198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49198" + }, + { + "name": "SUSE-SA:2011:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" + }, + { + "name": "HPSBUX02777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "oval:org.mitre.oval:def:14039", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14039" + }, + { + "name": "SSRT100854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4802.json b/2010/4xxx/CVE-2010-4802.json index 84355768461..3cb24677e4d 100644 --- a/2010/4xxx/CVE-2010-4802.json +++ b/2010/4xxx/CVE-2010-4802.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" - }, - { - "name" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" - }, - { - "name" : "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44", - "refsource" : "CONFIRM", - "url" : "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44" - }, - { - "name" : "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a", - "refsource" : "CONFIRM", - "url" : "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a" - 
}, - { - "name" : "DSA-2239", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" + }, + { + "name": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a", + "refsource": "CONFIRM", + "url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a" + }, + { + "name": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44", + "refsource": "CONFIRM", + "url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" + }, + { + "name": "DSA-2239", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2239" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0605.json b/2011/0xxx/CVE-2011-0605.json index a8fa64156df..eb17703a638 100644 --- a/2011/0xxx/CVE-2011-0605.json +++ b/2011/0xxx/CVE-2011-0605.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - "name" : "46200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46200" - }, - { - "name" : "oval:org.mitre.oval:def:13890", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13890" - }, - { - "name" : "1025033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - }, - { - "name" : 
"reader-acrobat-unspec-ce(65308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46200" + }, + { + "name": "reader-acrobat-unspec-ce(65308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65308" + }, + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "oval:org.mitre.oval:def:13890", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13890" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1051.json b/2011/1xxx/CVE-2011-1051.json index da45a69211b..d55678454e0 100644 --- a/2011/1xxx/CVE-2011-1051.json +++ b/2011/1xxx/CVE-2011-1051.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.hex-rays.com/vulnfix.shtml", - "refsource" : "CONFIRM", - "url" : "https://www.hex-rays.com/vulnfix.shtml" - }, - { - "name" : "46525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46525" - }, - { - "name" : "idapro-coffepocexpload-unspecified(65561)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.hex-rays.com/vulnfix.shtml", + "refsource": "CONFIRM", + "url": "https://www.hex-rays.com/vulnfix.shtml" + }, + { + "name": "46525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46525" + }, + { + "name": "idapro-coffepocexpload-unspecified(65561)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65561" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1176.json b/2011/1xxx/CVE-2011-1176.json index 0ef8b156c22..6685cf13916 100644 --- a/2011/1xxx/CVE-2011-1176.json +++ b/2011/1xxx/CVE-2011-1176.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mpm-itk] 20110321 CVE 2011-1176: Sometimes runs as root instead of the default Apache user", - "refsource" : "MLIST", - "url" : "http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html" - }, - { - "name" : "[mpm-itk] 20110321 mpm-itk version 2.2.17-01 released", - "refsource" : "MLIST", - "url" : "http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html" - }, - { - "name" : "[oss-security] 20110320 CVE request: MPM-ITK module for Apache HTTPD", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/20/1" - }, - { 
- "name" : "[oss-security] 20110321 Re: CVE request: MPM-ITK module for Apache HTTPD", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/21/13" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857" - }, - { - "name" : "DSA-2202", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2202" - }, - { - "name" : "MDVSA-2011:057", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:057" - }, - { - "name" : "46953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46953" - }, - { - "name" : "ADV-2011-0748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0748" - }, - { - "name" : "ADV-2011-0749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0749" - }, - { - "name" : "ADV-2011-0824", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0824" - }, - { - "name" : "apache-mtmitk-weak-security(66248)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46953" + }, + { + "name": "MDVSA-2011:057", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:057" + }, + { + "name": "[mpm-itk] 20110321 mpm-itk version 2.2.17-01 released", + "refsource": "MLIST", + "url": "http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857" + }, + { + "name": "apache-mtmitk-weak-security(66248)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66248" + }, + { + "name": "ADV-2011-0824", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0824" + }, + { + "name": "ADV-2011-0748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0748" + }, + { + "name": "DSA-2202", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2202" + }, + { + "name": "ADV-2011-0749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0749" + }, + { + "name": "[oss-security] 20110321 Re: CVE request: MPM-ITK module for Apache HTTPD", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/21/13" + }, + { + "name": "[oss-security] 20110320 CVE request: MPM-ITK module for Apache HTTPD", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/20/1" + }, + { + "name": "[mpm-itk] 20110321 CVE 2011-1176: Sometimes runs as root instead of the default Apache user", + "refsource": "MLIST", + "url": "http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/1xxx/CVE-2011-1558.json b/2011/1xxx/CVE-2011-1558.json index 6372a08eb91..cdefb313c11 100644 --- a/2011/1xxx/CVE-2011-1558.json +++ b/2011/1xxx/CVE-2011-1558.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029060", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029060" - }, - { - "name" : "IO13663", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IO13663" - }, - { - "name" : "43993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43993" - }, - { - "name" : "ADV-2011-0834", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0834", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0834" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029060", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029060" + }, + { + "name": "IO13663", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IO13663" + }, + { + "name": "43993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43993" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3396.json b/2014/3xxx/CVE-2014-3396.json index 56ae202ca53..abbbbdb0ceb 100644 --- a/2014/3xxx/CVE-2014-3396.json +++ b/2014/3xxx/CVE-2014-3396.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3839.json b/2014/3xxx/CVE-2014-3839.json index 5e34c99b8bc..c502ae5ea6a 100644 --- a/2014/3xxx/CVE-2014-3839.json +++ b/2014/3xxx/CVE-2014-3839.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3839", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3839", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6614.json b/2014/6xxx/CVE-2014-6614.json index 286ebd74ae5..918cf634025 100644 --- a/2014/6xxx/CVE-2014-6614.json +++ b/2014/6xxx/CVE-2014-6614.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6614", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6614", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7129.json b/2014/7xxx/CVE-2014-7129.json index 24e5c03a8bd..02ab8248c43 100644 --- a/2014/7xxx/CVE-2014-7129.json +++ b/2014/7xxx/CVE-2014-7129.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Argus Leader Print Edition (aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#634505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/634505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Argus Leader Print Edition 
(aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#634505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/634505" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7217.json b/2014/7xxx/CVE-2014-7217.json index 2061e824247..6da7ee93de8 100644 --- a/2014/7xxx/CVE-2014-7217.json +++ b/2014/7xxx/CVE-2014-7217.json 
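Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` in the CVE-2014-7129 hunk, a semantic edit buried in what is otherwise a whitespace reflow (`"key" : value` to `"key": value`) plus a reordering of `reference_data`. The same kind of change appears in the CVE-2014-7267 hunk (`vultures@jpcert.or.jp`) and the CVE-2014-7814 hunk (`secalert@redhat.com`). `ASSIGNER` presumably names the authority responsible for the record, so a consumer that attributes or filters entries by it sees a real change here; it would be easier to audit if the reassignment were committed separately from the formatting pass, or at least named in the commit description. To verify that nothing else changed, compare the parsed JSON of both sides with `reference_data` treated as a set rather than reading the text diff. The new side of every file also ends with `\ No newline at end of file`, which adds one more textual difference per record for line-oriented tools.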
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961", - 
"refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961" - }, - { - "name" : "openSUSE-SU-2014:1280", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html" - }, - { - "name" : "70252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70252" - }, - { - "name" : "61777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "openSUSE-SU-2014:1280",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html"
+ },
+ {
+ "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php",
+ "refsource": "CONFIRM",
+ "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php"
+ },
+ {
+ "name": "70252",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/70252"
+ },
+ {
+ "name": "61777",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/61777"
+ },
+ {
+ "name": "https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961"
+ },
+ {
+ "name": "https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/7xxx/CVE-2014-7267.json b/2014/7xxx/CVE-2014-7267.json
index e1bafa219f9..be75e927141 100644
--- a/2014/7xxx/CVE-2014-7267.json
+++ b/2014/7xxx/CVE-2014-7267.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ricksoft.jp/document/pages/viewpage.action?pageId=172425369", - "refsource" : "CONFIRM", - "url" : "https://www.ricksoft.jp/document/pages/viewpage.action?pageId=172425369" - }, - { - "name" : "JVN#09289074", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN09289074/index.html" - }, - { - "name" : "JVNDB-2014-000151", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#09289074", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN09289074/index.html" + }, + { + "name": "JVNDB-2014-000151", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000151" + }, + { + "name": "https://www.ricksoft.jp/document/pages/viewpage.action?pageId=172425369", + "refsource": "CONFIRM", + "url": "https://www.ricksoft.jp/document/pages/viewpage.action?pageId=172425369" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7814.json b/2014/7xxx/CVE-2014-7814.json index a066169f4b5..037451a8820 100644 --- a/2014/7xxx/CVE-2014-7814.json +++ b/2014/7xxx/CVE-2014-7814.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-7814",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2014-7814",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "RHSA-2015:0028",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2015-0028.html"
- },
- {
- "name" : "62255",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/62255"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "62255",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/62255"
+ },
+ {
+ "name": "RHSA-2015:0028",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8371.json b/2014/8xxx/CVE-2014-8371.json
index 5297371433e..c3b5c8e77cf 100644
--- a/2014/8xxx/CVE-2014-8371.json
+++ b/2014/8xxx/CVE-2014-8371.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8591.json b/2014/8xxx/CVE-2014-8591.json index c78037abad6..6ccc625e877 100644 --- a/2014/8xxx/CVE-2014-8591.json +++ b/2014/8xxx/CVE-2014-8591.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" - }, - { - "name" : 
"https://service.sap.com/sap/support/notes/1966655", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1966655" - }, - { - "name" : "https://twitter.com/SAP_Gsupport/status/524138333065449472", - "refsource" : "CONFIRM", - "url" : "https://twitter.com/SAP_Gsupport/status/524138333065449472" - }, - { - "name" : "71030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71030" - }, - { - "name" : "sap-netweaver-cve20148591-dos(98582)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" + }, + { + "name": "https://service.sap.com/sap/support/notes/1966655", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1966655" + }, + { + "name": "https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos/" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + }, + { + "name": 
"sap-netweaver-cve20148591-dos(98582)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98582" + }, + { + "name": "https://twitter.com/SAP_Gsupport/status/524138333065449472", + "refsource": "CONFIRM", + "url": "https://twitter.com/SAP_Gsupport/status/524138333065449472" + }, + { + "name": "71030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71030" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8730.json b/2014/8xxx/CVE-2014-8730.json index 48c08732685..285cf39bc05 100644 --- a/2014/8xxx/CVE-2014-8730.json +++ b/2014/8xxx/CVE-2014-8730.json 
@@ -1,127 +1,127 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8730",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself."
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141209 Re: CVE question: Return of POODLE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/09/27" - }, - { - "name" : "https://www.imperialviolet.org/2014/12/08/poodleagain.html", - "refsource" : "MISC", - "url" : "https://www.imperialviolet.org/2014/12/08/poodleagain.html" - }, - { - "name" : "https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151", - "refsource" : "CONFIRM", - "url" : "https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html" - }, - { - "name" : "https://support.lenovo.com/product_security/poodle", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/product_security/poodle" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/poodle", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/poodle" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693337", - "refsource" : "CONFIRM", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg21693337" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693495", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693495" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693271", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693271" - }, - { - "name" : "HPSBPV03516", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144372772101168&w=2" - }, - { - "name" : "62167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62167" - }, - { - "name" : "62224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62224" - }, - { - "name" : "62388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62167" + }, + { + "name": "[oss-security] 20141209 Re: CVE question: Return of POODLE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/09/27" + }, + { + "name": "HPSBPV03516", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144372772101168&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693495", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693495" + }, + { + "name": "https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151", + "refsource": "CONFIRM", + "url": "https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151" + }, + { + "name": "62224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62224" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/poodle", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/poodle" + }, + { + "name": "https://www.imperialviolet.org/2014/12/08/poodleagain.html", + "refsource": "MISC", + "url": "https://www.imperialviolet.org/2014/12/08/poodleagain.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693271", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693271" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693337", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693337" + }, + { + "name": "62388", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62388" + }, + { + "name": "https://support.lenovo.com/product_security/poodle", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/product_security/poodle" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9096.json b/2014/9xxx/CVE-2014-9096.json index cfef5b2f6e2..1cef1976932 100644 --- a/2014/9xxx/CVE-2014-9096.json +++ b/2014/9xxx/CVE-2014-9096.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140724 Pligg 2.x SQLi / PWD disclosure / RCE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/136" - }, - { - "name" : "http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html" - }, - { - "name" : "https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed", - "refsource" : "CONFIRM", - "url" : "https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed" - }, - { - "name" : "https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e", - "refsource" : "CONFIRM", - "url" 
: "https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e" - }, - { - "name" : "68893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68893" + }, + { + "name": "http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html" + }, + { + "name": "https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e", + "refsource": "CONFIRM", + "url": "https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e" + }, + { + "name": "20140724 Pligg 2.x SQLi / PWD disclosure / RCE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/136" + }, + { + "name": "https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed", + "refsource": "CONFIRM", + "url": "https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9330.json b/2014/9xxx/CVE-2014-9330.json index 9f7368e5fe7..19431ddc401 100644 --- a/2014/9xxx/CVE-2014-9330.json +++ b/2014/9xxx/CVE-2014-9330.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/97" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2494", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2494" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3273", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3273" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "RHSA-2016:1546", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html" - }, - { - "name" : "RHSA-2016:1547", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html" - }, - { - "name" : "71789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71789" - }, - { - "name" : "1031442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "71789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71789" + }, + { + "name": "RHSA-2016:1547", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "1031442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031442" + }, + { + "name": "DSA-3273", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3273" + }, + { + "name": "20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/97" + }, + { + "name": "RHSA-2016:1546", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2494", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2494" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9750.json b/2014/9xxx/CVE-2014-9750.json index 06c17392859..f29ee286b9d 100644 --- a/2014/9xxx/CVE-2014-9750.json +++ b/2014/9xxx/CVE-2014-9750.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.ntp.org/show_bug.cgi?id=2671", - "refsource" : "CONFIRM", - "url" : "http://bugs.ntp.org/show_bug.cgi?id=2671" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1184573", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1184573" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us" - }, - { - "name" : "DSA-3388", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3388" - }, - { - "name" : "RHSA-2015:1459", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1459.html" - }, - { - "name" : "VU#852879", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/852879" - }, - { - "name" : "72583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#852879", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/852879" + }, + { + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne" + }, + { + "name": "72583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72583" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "DSA-3388", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3388" + }, + { + "name": "RHSA-2015:1459", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html" + }, + { + "name": "http://bugs.ntp.org/show_bug.cgi?id=2671", + "refsource": "CONFIRM", + "url": "http://bugs.ntp.org/show_bug.cgi?id=2671" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2315.json b/2016/2xxx/CVE-2016-2315.json index 494a8583d0b..baa983753ee 100644 --- a/2016/2xxx/CVE-2016-2315.json +++ b/2016/2xxx/CVE-2016-2315.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160315 server and client side remote code execution through a bu ffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ-2016-2315)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/15/5" - }, - { - "name" : "http://pastebin.com/UX2P2jjg", - "refsource" : "MISC", - "url" : "http://pastebin.com/UX2P2jjg" - }, - { - "name" : "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305", - "refsource" : "CONFIRM", - "url" : "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305" - }, - { - "name" : "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60", - "refsource" 
: "CONFIRM", - "url" : "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60" - }, - { - "name" : "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt", - "refsource" : "CONFIRM", - "url" : "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3521", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3521" - }, - { - "name" : "FEDORA-2016-6554eff611", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html" - }, - { - "name" : "FEDORA-2016-cee7647200", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html" - }, - { - "name" : "FEDORA-2016-8f164810c3", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html" - }, - { - "name" : "GLSA-201605-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-01" - }, - { - "name" : "RHSA-2016:0496", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0496.html" - }, - { - "name" : "SUSE-SU-2016:0796", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html" - }, - { - "name" : "SUSE-SU-2016:0798", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html" - }, - { - "name" : "openSUSE-SU-2016:0802", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html" - }, - { - "name" : "openSUSE-SU-2016:0803", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html" - }, - { - "name" : "openSUSE-SU-2016:0826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html" - }, - { - "name" : "openSUSE-SU-2016:0829", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html" - }, - { - "name" : "openSUSE-SU-2016:0831", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html" - }, - { - "name" : "openSUSE-SU-2016:0832", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html" - }, - { - "name" : "openSUSE-SU-2016:0958", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html" - }, - { - "name" : "USN-2938-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2938-1" - }, - { - "name" : "84355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84355" - }, - { - "name" : "1035290", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0829", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html" + }, + { + "name": "FEDORA-2016-8f164810c3", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html" + }, + { + "name": "DSA-3521", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3521" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "GLSA-201605-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-01" + }, + { + "name": "1035290", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035290" + }, + { + "name": "84355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84355" + }, + { + "name": "openSUSE-SU-2016:0803", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html" + }, + { + "name": "http://pastebin.com/UX2P2jjg", + "refsource": "MISC", + "url": "http://pastebin.com/UX2P2jjg" + }, + { + "name": "FEDORA-2016-cee7647200", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html" + }, + { + "name": "[oss-security] 20160315 server and client side remote code execution through a bu ffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ-2016-2315)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/15/5" + }, + { + "name": "openSUSE-SU-2016:0958", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html" + }, + { + "name": "RHSA-2016:0496", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0496.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305", + "refsource": "CONFIRM", + "url": "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305" + }, + { + "name": "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60", + "refsource": "CONFIRM", + "url": "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60" + }, + { + "name": "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt", + "refsource": "CONFIRM", + "url": "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt" + }, + { + "name": "openSUSE-SU-2016:0802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html" + }, + { + "name": "USN-2938-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2938-1" + }, + { + "name": "openSUSE-SU-2016:0826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html" + }, + { + "name": "openSUSE-SU-2016:0832", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html" + }, + { + "name": "FEDORA-2016-6554eff611", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html" + }, + { + "name": "openSUSE-SU-2016:0831", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html" + }, + { + "name": "SUSE-SU-2016:0796", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html" + }, + { + "name": "SUSE-SU-2016:0798", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6181.json b/2016/6xxx/CVE-2016-6181.json index 6f3ce64cfeb..878c25020c6 100644 --- a/2016/6xxx/CVE-2016-6181.json +++ b/2016/6xxx/CVE-2016-6181.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before 
CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6351.json b/2016/6xxx/CVE-2016-6351.json index 43c984ff642..d37c68a8a45 100644 --- a/2016/6xxx/CVE-2016-6351.json +++ b/2016/6xxx/CVE-2016-6351.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/25/14" - }, - { - "name" : "[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/26/7" - }, - { - "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : 
"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3" - }, - { - "name" : "USN-3047-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3047-1" - }, - { - "name" : "USN-3047-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3047-2" - }, - { - "name" : "92119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3047-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3047-1" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3" + }, + { + "name": "USN-3047-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3047-2" + }, + { + "name": "[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/25/14" + }, + { + "name": "[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/26/7" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11" + }, + { + "name": "92119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92119" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6559.json b/2016/6xxx/CVE-2016-6559.json index 6dfd8dd06e9..eebed76905a 100644 --- a/2016/6xxx/CVE-2016-6559.json +++ b/2016/6xxx/CVE-2016-6559.json 
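Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, the only value change among the visible hunks, which otherwise alter only whitespace and reference order. The assigner is the record's provenance field, so a reassignment folded into a bulk reformat is easy to miss in review and hard to audit afterwards. It would be safer to land it as a separate change, or at least to name CVE-2016-6351 and the reason in the commit message, which is not visible here. Description, problemtype and the eight references are carried over unchanged apart from ordering.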
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6559", - "STATE" : "PUBLIC", - "TITLE" : "The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libc library", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "link_ntoa()", - "version_value" : "link_ntoa()" - } - ] - } - } - ] - }, - "vendor_name" : "BSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-120" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6559", + "STATE": "PUBLIC", + "TITLE": "The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libc library", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "link_ntoa()", + "version_value": "link_ntoa()" + } + ] + } + } + ] + }, + "vendor_name": "BSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-16:37", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc" - }, - { - "name" : "VU#548487", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/548487" - }, - { - "name" : "94694", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/94694" - }, - { - "name" : "1037398", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037398" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. 
For more information, please see FreeBSD Security Advisory SA-16:37." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037398", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037398" + }, + { + "name": "FreeBSD-SA-16:37", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc" + }, + { + "name": "VU#548487", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/548487" + }, + { + "name": "94694", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/94694" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6620.json b/2016/6xxx/CVE-2016-6620.json index b2f16b50df0..40392cecb9a 100644 --- a/2016/6xxx/CVE-2016-6620.json +++ b/2016/6xxx/CVE-2016-6620.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-43", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-43" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "95055", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/95055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95055" + }, + { + "name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-43", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-43" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6946.json b/2016/6xxx/CVE-2016-6946.json index a420de38209..9d1009f6d23 100644 --- a/2016/6xxx/CVE-2016-6946.json +++ b/2016/6xxx/CVE-2016-6946.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93491" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "93491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93491" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6976.json b/2016/6xxx/CVE-2016-6976.json index 69fcecf76a1..5fd5a60f21f 100644 --- a/2016/6xxx/CVE-2016-6976.json +++ b/2016/6xxx/CVE-2016-6976.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, 
CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18255.json b/2017/18xxx/CVE-2017-18255.json index 12f2bdfe9e6..864ddea57d8 100644 --- a/2017/18xxx/CVE-2017-18255.json +++ b/2017/18xxx/CVE-2017-18255.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d" - }, - { - "name" : "https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d", - "refsource" : "MISC", - "url" : 
"https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d" - }, - { - "name" : "USN-3696-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3696-1/" - }, - { - "name" : "USN-3696-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3696-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "103607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3696-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3696-1/" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d" + }, + { + "name": "103607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103607" + }, + { + "name": "USN-3696-2", + "refsource": "UBUNTU", + "url": 
"https://usn.ubuntu.com/3696-2/" + }, + { + "name": "https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5108.json b/2017/5xxx/CVE-2017-5108.json index 7de53715a46..fc5f2ac5b79 100644 --- a/2017/5xxx/CVE-2017-5108.json +++ b/2017/5xxx/CVE-2017-5108.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type confusion" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/695830", - "refsource" : "MISC", - "url" : "https://crbug.com/695830" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { 
- "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:1833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1833" - }, - { - "name" : "99950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "https://crbug.com/695830", + "refsource": "MISC", + "url": "https://crbug.com/695830" + }, + { + "name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" + }, + { + "name": "99950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99950" + }, + { + "name": "RHSA-2017:1833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1833" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5235.json b/2017/5xxx/CVE-2017-5235.json index 2c3ec67d3ce..18e87270e3e 100644 --- a/2017/5xxx/CVE-2017-5235.json +++ b/2017/5xxx/CVE-2017-5235.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Metasploit Pro", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.13.0-2017022101" - } - ] - } - } - ] - }, - "vendor_name" : "Rapid7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DLL Preloading" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Metasploit Pro", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.13.0-2017022101" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", - "refsource" : "CONFIRM", - "url" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" - }, - { - "name" : "96548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rapid7 
Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Preloading" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", + "refsource": "CONFIRM", + "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" + }, + { + "name": "96548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96548" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5269.json b/2017/5xxx/CVE-2017-5269.json index 41ba360013c..7fe9334cce3 100644 --- a/2017/5xxx/CVE-2017-5269.json +++ b/2017/5xxx/CVE-2017-5269.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5269", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5269", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5703.json b/2017/5xxx/CVE-2017-5703.json index f11d1581871..d5ecd5ce85d 100644 --- a/2017/5xxx/CVE-2017-5703.json +++ b/2017/5xxx/CVE-2017-5703.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-04-03T00:00:00", - "ID" : "CVE-2017-5703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel 6th generation Intel Core Processors, Intel 7th generation Processors, Intel Xeon Scalable Processors, Intel Xeon Processor E3 v5 Family, Intel Xeon Processor E3 v6 Family, and Intel Atom Processor C Series.", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-04-03T00:00:00", + "ID": "CVE-2017-5703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel 6th generation Intel Core Processors, Intel 7th generation Processors, Intel Xeon Scalable Processors, Intel Xeon Processor E3 v5 Family, Intel Xeon Processor E3 v6 Family, and Intel Atom Processor C Series.", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : 
"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180924-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180924-0004/" - }, - { - "name" : "1040626", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr" + }, + { + "name": "1040626", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040626" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180924-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180924-0004/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/5xxx/CVE-2017-5890.json b/2017/5xxx/CVE-2017-5890.json index 4fbeb570097..e9d5fe23762 100644 --- a/2017/5xxx/CVE-2017-5890.json +++ b/2017/5xxx/CVE-2017-5890.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5890", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5890", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5989.json b/2017/5xxx/CVE-2017-5989.json index 8cdd31b19ab..601cdf9d3d8 100644 --- a/2017/5xxx/CVE-2017-5989.json +++ b/2017/5xxx/CVE-2017-5989.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file