From 690949d1a51b29f11baabcefc7ee38ff67ce48b4 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 06:07:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0019.json | 370 +++++++++++++++++------------------
2006/0xxx/CVE-2006-0118.json | 180 ++++++++---------
2006/1xxx/CVE-2006-1014.json | 180 ++++++++---------
2006/1xxx/CVE-2006-1541.json | 200 +++++++++----------
2006/3xxx/CVE-2006-3043.json | 170 ++++++++--------
2006/3xxx/CVE-2006-3997.json | 180 ++++++++---------
2006/4xxx/CVE-2006-4294.json | 160 +++++++--------
2006/4xxx/CVE-2006-4342.json | 180 ++++++++---------
2006/4xxx/CVE-2006-4535.json | 310 ++++++++++++++---------------
2006/4xxx/CVE-2006-4653.json | 170 ++++++++--------
2006/4xxx/CVE-2006-4678.json | 140 ++++++-------
2010/2xxx/CVE-2010-2461.json | 150 +++++++-------
2010/2xxx/CVE-2010-2662.json | 150 +++++++-------
2010/3xxx/CVE-2010-3310.json | 330 +++++++++++++++----------------
2010/3xxx/CVE-2010-3448.json | 220 ++++++++++-----------
2010/3xxx/CVE-2010-3498.json | 130 ++++++------
2010/3xxx/CVE-2010-3993.json | 140 ++++++-------
2011/0xxx/CVE-2011-0737.json | 140 ++++++-------
2011/1xxx/CVE-2011-1883.json | 190 +++++++++---------
2011/1xxx/CVE-2011-1974.json | 160 +++++++--------
2014/3xxx/CVE-2014-3133.json | 160 +++++++--------
2014/3xxx/CVE-2014-3232.json | 34 ++--
2014/3xxx/CVE-2014-3702.json | 130 ++++++------
2014/3xxx/CVE-2014-3768.json | 34 ++--
2014/6xxx/CVE-2014-6642.json | 140 ++++++-------
2014/7xxx/CVE-2014-7491.json | 140 ++++++-------
2014/7xxx/CVE-2014-7573.json | 140 ++++++-------
2014/7xxx/CVE-2014-7646.json | 140 ++++++-------
2014/7xxx/CVE-2014-7743.json | 140 ++++++-------
2014/8xxx/CVE-2014-8346.json | 130 ++++++------
2014/8xxx/CVE-2014-8482.json | 34 ++--
2014/8xxx/CVE-2014-8539.json | 150 +++++++-------
2014/8xxx/CVE-2014-8598.json | 180 ++++++++---------
2014/8xxx/CVE-2014-8839.json | 170 ++++++++--------
2014/9xxx/CVE-2014-9263.json | 170 ++++++++--------
2014/9xxx/CVE-2014-9556.json | 180 ++++++++---------
2016/2xxx/CVE-2016-2056.json | 150 +++++++-------
2016/2xxx/CVE-2016-2700.json | 34 ++--
2016/2xxx/CVE-2016-2819.json | 230 +++++++++++-----------
2016/6xxx/CVE-2016-6013.json | 34 ++--
2016/6xxx/CVE-2016-6039.json | 166 ++++++++--------
2016/6xxx/CVE-2016-6134.json | 34 ++--
2016/6xxx/CVE-2016-6327.json | 190 +++++++++---------
2016/6xxx/CVE-2016-6743.json | 130 ++++++------
2017/5xxx/CVE-2017-5195.json | 150 +++++++-------
2017/5xxx/CVE-2017-5741.json | 34 ++--
2017/5xxx/CVE-2017-5835.json | 150 +++++++-------
2017/5xxx/CVE-2017-5932.json | 150 +++++++-------
48 files changed, 3687 insertions(+), 3687 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0019.json b/2006/0xxx/CVE-2006-0019.json
index d4aee427186..9181a8a4951 100644
--- a/2006/0xxx/CVE-2006-0019.json
+++ b/2006/0xxx/CVE-2006-0019.json
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422464/100/0/threaded" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20060119-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20060119-1.txt" - }, - { - "name" : "ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff" - }, - { - "name" : "DSA-948", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-948" - }, - { - "name" : "FLSA:178606", 
- "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427976/100/0/threaded" - }, - { - "name" : "GLSA-200601-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-11.xml" - }, - { - "name" : "MDKSA-2006:019", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:019" - }, - { - "name" : "RHSA-2006:0184", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0184.html" - }, - { - "name" : "SSA:2006-045-05", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107" - }, - { - "name" : "SUSE-SA:2006:003", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/archive/1/422489/100/0/threaded" - }, - { - "name" : "USN-245-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-245-1" - }, - { - "name" : "16325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16325" - }, - { - "name" : "oval:org.mitre.oval:def:11858", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11858" - }, - { - "name" : "ADV-2006-0265", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0265" - }, - { - "name" : "22659", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22659" - }, - { - "name" : "1015512", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015512" - }, - { - "name" : "18500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18500" - }, - { - "name" : "18540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18540" - }, - { - "name" : "18561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18561" - }, - { - "name" : "18552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18552" - }, - { - "name" : "18559", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/18559" - }, - { - "name" : "18570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18570" - }, - { - "name" : "18899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18899" - }, - { - "name" : "18583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18583" - }, - { - "name" : "364", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/364" - }, - { - "name" : "kde-kjs-bo(24242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11858", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11858" + }, + { + "name": "18500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18500" + }, + { + "name": "18552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18552" + }, + { + "name": "kde-kjs-bo(24242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24242" + }, + { + "name": "364", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/364" + }, + { + "name": "ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff", + "refsource": "CONFIRM", + "url": "ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff" + }, + { + "name": "SUSE-SA:2006:003", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/archive/1/422489/100/0/threaded" + }, + { + "name": "20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422464/100/0/threaded" + }, + { + "name": "FLSA:178606", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427976/100/0/threaded" + }, + { + "name": "MDKSA-2006:019", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:019" + }, + { + "name": "RHSA-2006:0184", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0184.html" + }, + { + "name": "18559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18559" + }, + { + "name": "1015512", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015512" + }, + { + "name": "ADV-2006-0265", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/0265" + }, + { + "name": "18583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18583" + }, + { + "name": "http://www.kde.org/info/security/advisory-20060119-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20060119-1.txt" + }, + { + "name": "USN-245-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-245-1" + }, + { + "name": "18570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18570" + }, + { + "name": "SSA:2006-045-05", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107" + }, + { + "name": "DSA-948", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-948" + }, + { + "name": "22659", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22659" + }, + { + "name": "18540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18540" + }, + { + "name": "16325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16325" + }, + { + "name": "GLSA-200601-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-11.xml" + }, + { + "name": "18899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18899" + }, + { + "name": "18561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18561" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0118.json b/2006/0xxx/CVE-2006-0118.json index b5df91afa31..b49612fda09 100644 --- a/2006/0xxx/CVE-2006-0118.json +++ b/2006/0xxx/CVE-2006-0118.json 
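Review bot: The new side of CVE-2006-0019.json ends with `\ No newline at end of file`, so this pass drops the trailing newline the old file had; keeping a final newline avoids a spurious one-line change on the next sync, and the same marker appears in the hunks for CVE-2006-0118, CVE-2006-1014, CVE-2006-1541, CVE-2006-3043, CVE-2006-3997 and CVE-2006-4294. This hunk also changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com` in the middle of what is otherwise a whitespace change, and the `reference_data` entries appear to be the same 26 items in a different order. An attribution change like that is easy to miss inside a 48-file reformat, so it would be worth naming in the commit message or landing separately from the formatting pass. If consumers diff or hash these records, emitting references in a stable order would keep later syncs reviewable.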
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007054", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007054" - }, - { - "name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument" - }, - { - "name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument", - "refsource" : "CONFIRM", - "url" : 
"http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument" - }, - { - "name" : "16158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16158" - }, - { - "name" : "ADV-2006-0081", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0081" - }, - { - "name" : "18328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18328" - }, - { - "name" : "lotus-long-formula-bo(24206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument" + }, + { + "name": "lotus-long-formula-bo(24206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24206" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054" + }, + { + "name": "16158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16158" + }, + { + "name": 
"http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument" + }, + { + "name": "18328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18328" + }, + { + "name": "ADV-2006-0081", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0081" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1014.json b/2006/1xxx/CVE-2006-1014.json index 2bdd4b7a265..06918f74d96 100644 --- a/2006/1xxx/CVE-2006-1014.json +++ b/2006/1xxx/CVE-2006-1014.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060228 (PHP) mb_send_mail security bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426342/100/0/threaded" - }, - { - "name" : "SUSE-SA:2006:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/05-05-2006.html" - }, - { - "name" : "16878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16878" - }, - { - "name" : "ADV-2006-0772", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0772" - }, - { - "name" : "23534", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23534" - }, - { - "name" : "18694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18694" - }, - { - "name" : "19979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. 
NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0772", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0772" + }, + { + "name": "23534", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23534" + }, + { + "name": "16878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16878" + }, + { + "name": "20060228 (PHP) mb_send_mail security bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426342/100/0/threaded" + }, + { + "name": "19979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19979" + }, + { + "name": "SUSE-SA:2006:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/05-05-2006.html" + }, + { + "name": "18694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18694" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1541.json b/2006/1xxx/CVE-2006-1541.json index d4ae8b7d186..eb938e3fd62 100644 --- a/2006/1xxx/CVE-2006-1541.json +++ b/2006/1xxx/CVE-2006-1541.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429487/100/0/threaded" - }, - { - "name" : "20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=114367573519326&w=2" - }, - { - "name" : "1623", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1623" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=22", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=22" - }, - { - "name" : "17309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17309" - }, - 
{ - "name" : "ADV-2006-1164", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1164" - }, - { - "name" : "24256", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24256" - }, - { - "name" : "19441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19441" - }, - { - "name" : "ezaspsite-default-sql-injection(25544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1623", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1623" + }, + { + "name": "19441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19441" + }, + { + "name": "ADV-2006-1164", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1164" + }, + { + "name": "17309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17309" + }, + { + "name": "24256", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24256" + }, + { + "name": "ezaspsite-default-sql-injection(25544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25544" + }, + { + "name": "20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429487/100/0/threaded" + }, + { + "name": "20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.", + "refsource": 
"FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=114367573519326&w=2" + }, + { + "name": "http://www.nukedx.com/?viewdoc=22", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=22" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3043.json b/2006/3xxx/CVE-2006-3043.json index c16a44df3f3..8fabdcf758a 100644 --- a/2006/3xxx/CVE-2006-3043.json +++ b/2006/3xxx/CVE-2006-3043.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060610 [MajorSecurity #14]CFXe-CMS <= 2.0 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-06/0149.html" - }, - { - "name" : "http://www.majorsecurity.de/advisory/major_rls14.txt", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/advisory/major_rls14.txt" - }, - { - "name" : "ADV-2006-2278", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2278" - }, - { - "name" : "1016277", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016277" - }, - { - "name" : "20582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20582" - }, - { - "name" : "cfxe-cms-search-xss(27052)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.majorsecurity.de/advisory/major_rls14.txt", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/advisory/major_rls14.txt" + }, + { + "name": "ADV-2006-2278", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2278" + }, + { + "name": "cfxe-cms-search-xss(27052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27052" + }, + { + "name": "20582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20582" + }, + { + "name": "1016277", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016277" + }, + { + "name": "20060610 [MajorSecurity #14]CFXe-CMS <= 2.0 - XSS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0149.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3997.json b/2006/3xxx/CVE-2006-3997.json index 8d3e6d5fcaf..931f55d2817 100644 --- a/2006/3xxx/CVE-2006-3997.json +++ b/2006/3xxx/CVE-2006-3997.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060801 WoW Roster <= 1.5.x Remote File Include (hsList.php)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441820/100/0/threaded" - }, - { - "name" : "http://www.wowroster.net/Forums/viewtopic/t=333.html", - "refsource" : "MISC", - "url" : "http://www.wowroster.net/Forums/viewtopic/t=333.html" - }, - { - "name" : "19269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19269" - }, - { - "name" : "1016631", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016631" - }, - { - "name" : "21299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21299" - }, - { - "name" : "1329", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1329" - }, - { - "name" : "wowroster-conf-file-include(28101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wowroster.net/Forums/viewtopic/t=333.html", + "refsource": "MISC", + "url": "http://www.wowroster.net/Forums/viewtopic/t=333.html" + }, + { + "name": "1016631", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016631" + }, + { + "name": "wowroster-conf-file-include(28101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28101" + }, + { + "name": "19269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19269" + }, + { + "name": "1329", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1329" + }, + { + "name": "21299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21299" + }, + { + "name": "20060801 WoW Roster <= 1.5.x Remote File Include (hsList.php)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441820/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4294.json b/2006/4xxx/CVE-2006-4294.json index c71b80f7aea..18a1c036ec2 100644 --- a/2006/4xxx/CVE-2006-4294.json +++ b/2006/4xxx/CVE-2006-4294.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294", - "refsource" : "CONFIRM", - "url" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294" - }, - { - "name" : "19907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19907" - }, - { - "name" : "ADV-2006-3524", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3524" - }, - { - "name" : "1016805", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016805" - }, - { - "name" : "21829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3524", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3524" + }, + { + "name": "19907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19907" + }, + { + "name": "1016805", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016805" + }, + { + "name": "21829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21829" + }, + { + "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294", + "refsource": "CONFIRM", + "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4342.json b/2006/4xxx/CVE-2006-4342.json index be099108747..ee99f8c36c5 100644 --- a/2006/4xxx/CVE-2006-4342.json +++ b/2006/4xxx/CVE-2006-4342.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205618", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205618" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" - }, - { - "name" : "RHSA-2006:0710", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0710.html" - }, - { - "name" : "VU#245984", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/245984" - }, - { - "name" : "oval:org.mitre.oval:def:9649", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9649" - }, - { - "name" : "22497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22497" - }, - { - "name" : "23064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#245984", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/245984" + }, + { + "name": "oval:org.mitre.oval:def:9649", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9649" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205618", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205618" + }, + { + "name": "23064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23064" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" + }, + { + "name": "22497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22497" + }, + { + "name": "RHSA-2006:0710", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0710.html" + } + ] + } +} \ No newline at end of file 
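Review bot: The `ASSIGNER` field in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and it appears to be the only value change in the record; the rest is colon spacing, indentation, a reshuffled `reference_data` order and a dropped trailing newline. The same reassignment appears in the CVE-2010-3310.json hunk, while the other records visible here keep `cve@mitre.org`. The commit subject "-Synchronized-Data." does not mention it, so anyone auditing CNA attribution has to find it inside a diff that otherwise looks whitespace-only. A message line such as `Reassign ASSIGNER to secalert@redhat.com for CVE-2006-4342 and CVE-2010-3310`, or a separate commit for value changes, would make it reviewable. Because array order and formatting change here with no change in content, consumers comparing revisions should diff the parsed JSON rather than the text.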
diff --git a/2006/4xxx/CVE-2006-4535.json b/2006/4xxx/CVE-2006-4535.json index 1d336554360..13517ff7c8b 100644 --- a/2006/4xxx/CVE-2006-4535.json +++ b/2006/4xxx/CVE-2006-4535.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mail-archive.com/kernel-svn-changes@lists.alioth.debian.org/msg02314.html", - "refsource" : "MISC", - "url" : "http://www.mail-archive.com/kernel-svn-changes@lists.alioth.debian.org/msg02314.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204460", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204460" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" - }, - { - 
"name" : "DSA-1183", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1183" - }, - { - "name" : "DSA-1184", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1184" - }, - { - "name" : "MDKSA-2006:182", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:182" - }, - { - "name" : "MDKSA-2007:025", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" - }, - { - "name" : "RHSA-2006:0689", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html" - }, - { - "name" : "USN-347-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-347-1" - }, - { - "name" : "20087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20087" - }, - { - "name" : "oval:org.mitre.oval:def:10530", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10530" - }, - { - "name" : "1016992", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016992" - }, - { - "name" : "21945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21945" - }, - { - "name" : "22082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22082" - }, - { - "name" : "22093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22093" - }, - { - "name" : "21967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21967" - }, - { - "name" : "22292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22292" - }, - { - "name" : "22382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22382" - }, - { - "name" : "22945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22945" - }, - { - "name" : "kernel-sctp-dos(29011)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2007:025", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" + }, + { + "name": "http://www.mail-archive.com/kernel-svn-changes@lists.alioth.debian.org/msg02314.html", + "refsource": "MISC", + "url": "http://www.mail-archive.com/kernel-svn-changes@lists.alioth.debian.org/msg02314.html" + }, + { + "name": "DSA-1183", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1183" + }, + { + "name": "22292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22292" + }, + { + "name": "RHSA-2006:0689", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204460", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204460" + }, + { + "name": "22082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22082" + }, + { + "name": "21945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21945" + }, + { + "name": "20087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20087" + }, + { + "name": "MDKSA-2006:182", + "refsource": "MANDRIVA", + 
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:182" + }, + { + "name": "kernel-sctp-dos(29011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29011" + }, + { + "name": "22382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22382" + }, + { + "name": "21967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21967" + }, + { + "name": "USN-347-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-347-1" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" + }, + { + "name": "1016992", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016992" + }, + { + "name": "oval:org.mitre.oval:def:10530", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10530" + }, + { + "name": "22945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22945" + }, + { + "name": "22093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22093" + }, + { + "name": "DSA-1184", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1184" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4653.json b/2006/4xxx/CVE-2006-4653.json index 80b8cbc028f..51097926a41 100644 --- a/2006/4xxx/CVE-2006-4653.json +++ b/2006/4xxx/CVE-2006-4653.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060904 The Amazing Little Poll Admin Pwd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445081/100/0/threaded" - }, - { - "name" : "19837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19837" - }, - { - "name" : "ADV-2006-3687", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3687" - }, - { - "name" : "21997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21997" - }, - { - "name" : "1527", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1527" - }, - { - "name" : "alpoll-admin-auth-bypass(28737)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19837" + }, + { + "name": "20060904 The Amazing Little Poll Admin Pwd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445081/100/0/threaded" + }, + { + "name": "1527", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1527" + }, + { + "name": "21997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21997" + }, + { + "name": "ADV-2006-3687", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3687" + }, + { + "name": "alpoll-admin-auth-bypass(28737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28737" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4678.json b/2006/4xxx/CVE-2006-4678.json index 408b578a9d9..ff983620f08 100644 --- a/2006/4xxx/CVE-2006-4678.json +++ b/2006/4xxx/CVE-2006-4678.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 News Evolution v3.0.3 - Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445576/100/0/threaded" - }, - { - "name" : "1536", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1536" - }, - { - "name" : "news-evolution-install-file-include(28803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP 
code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060907 News Evolution v3.0.3 - Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445576/100/0/threaded" + }, + { + "name": "1536", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1536" + }, + { + "name": "news-evolution-install-file-include(28803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28803" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2461.json b/2010/2xxx/CVE-2010-2461.json index b25d40c2245..66f7f9ee04c 100644 --- a/2010/2xxx/CVE-2010-2461.json +++ b/2010/2xxx/CVE-2010-2461.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13946", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13946" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/overstock-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/overstock-sql.txt" - }, - { - "name" : "40990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40990" - }, - { - "name" : "overstock-storecat-sql-injection(59596)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 
allows remote attackers to execute arbitrary SQL commands via the store parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13946", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13946" + }, + { + "name": "overstock-storecat-sql-injection(59596)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59596" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/overstock-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/overstock-sql.txt" + }, + { + "name": "40990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40990" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2662.json b/2010/2xxx/CVE-2010-2662.json index 1170b986925..b5d429f5571 100644 --- a/2010/2xxx/CVE-2010-2662.json +++ b/2010/2xxx/CVE-2010-2662.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a \"fake click.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1060/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1060/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1060/" - }, - { - "name" : "oval:org.mitre.oval:def:11157", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a \"fake click.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/mac/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1060/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1060/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1060/" + }, + { + "name": "oval:org.mitre.oval:def:11157", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11157" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3310.json b/2010/3xxx/CVE-2010-3310.json index 6f1b984dbf0..05dac2269c3 100644 --- a/2010/3xxx/CVE-2010-3310.json +++ b/2010/3xxx/CVE-2010-3310.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-netdev] 20100920 [PATCH] rose: Fix signedness issues wrt. 
digi count.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=128502238927086&w=2" - }, - { - "name" : "[oss-security] 20100921 CVE request: kernel: Heap corruption in ROSE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/21/1" - }, - { - "name" : "[oss-security] 20100921 Re: CVE request: kernel: Heap corruption in ROSE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/21/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9828e6e6e3f19efcb476c567b9999891d051f52f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9828e6e6e3f19efcb476c567b9999891d051f52f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100923.bz2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100923.bz2" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "MDVSA-2011:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name" : "SUSE-SA:2010:050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html" - }, - { - "name" : "SUSE-SA:2010:051", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html" - }, - { - "name" : "SUSE-SA:2010:060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" - }, - { - "name" : "SUSE-SA:2010:054", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "43368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43368" - }, - { - "name" : "68163", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/68163" - }, - { - "name" : "41493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41493" - }, - { - "name" : "43291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43291" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "ADV-2011-0375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0375" - }, - { - "name" : "kernel-rose-bind-dos(61953)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "[oss-security] 20100921 Re: CVE request: kernel: Heap corruption in ROSE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/21/2" + }, + { + "name": "[linux-netdev] 20100920 [PATCH] rose: Fix signedness issues wrt. digi count.", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=128502238927086&w=2" + }, + { + "name": "68163", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/68163" + }, + { + "name": "41493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41493" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "SUSE-SA:2010:060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" + }, + { + "name": "[oss-security] 20100921 CVE request: kernel: Heap corruption in ROSE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/21/1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100923.bz2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100923.bz2" + }, + { + "name": "43368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43368" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "MDVSA-2011:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + }, + { + "name": "SUSE-SA:2010:050", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html" + }, + { + "name": "SUSE-SA:2010:051", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html" + }, + { + "name": "ADV-2011-0375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0375" + }, + { + "name": "SUSE-SA:2011:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "kernel-rose-bind-dos(61953)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61953" + }, + { + "name": "43291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43291" + }, + { + "name": "SUSE-SA:2010:054", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9828e6e6e3f19efcb476c567b9999891d051f52f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9828e6e6e3f19efcb476c567b9999891d051f52f" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3448.json b/2010/3xxx/CVE-2010-3448.json index 48229b8d235..f7768412187 100644 --- a/2010/3xxx/CVE-2010-3448.json +++ b/2010/3xxx/CVE-2010-3448.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100623 kernel: thinkpad-acpi: lock down video output state access", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/06/23/2" - }, - { - "name" : "[oss-security] 20100928 Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/28/1" - }, - { - "name" : "[oss-security] 20100929 Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel", - "refsource" : "MLIST", - "url" : 
"http://openwall.com/lists/oss-security/2010/09/29/7" - }, - { - "name" : "[oss-security] 20100930 Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/30/6" - }, - { - "name" : "[oss-security] 20100930 Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/30/1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b525c06cdbd8a3963f0173ccd23f9147d4c384b5", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b525c06cdbd8a3963f0173ccd23f9147d4c384b5" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=652122", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=652122" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "kernel-thinkpad-dos(64580)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users 
to cause a denial of service (system hang) via a (1) read or (2) write operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100928 Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/28/1" + }, + { + "name": "[oss-security] 20100929 Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/29/7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=652122", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=652122" + }, + { + "name": "[oss-security] 20100930 Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/30/1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790" + }, + { + "name": "[oss-security] 20100623 kernel: thinkpad-acpi: lock down video output state access", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/06/23/2" + }, + { + "name": "kernel-thinkpad-dos(64580)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64580" + }, + { + "name": "[oss-security] 20100930 Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/30/6" + }, + { + "name": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b525c06cdbd8a3963f0173ccd23f9147d4c384b5", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b525c06cdbd8a3963f0173ccd23f9147d4c384b5" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3498.json b/2010/3xxx/CVE-2010-3498.json index 6399aaecba6..0781a6c4cdd 100644 --- a/2010/3xxx/CVE-2010-3498.json +++ b/2010/3xxx/CVE-2010-3498.json 
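Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of the CVE-2010-3448 hunk, but the change is hard to spot because nearly every other line of the record is rewritten as well. Key spacing goes from `"key" : ` to `"key": ` and the `reference_data` entries are reordered, so the one field recording who owns the entry is buried in formatting churn. The same pattern appears in the hunks for CVE-2010-3993 (`hp-security-alert@hp.com`), CVE-2011-1883 and CVE-2011-1974 (`secure@microsoft.com`) and CVE-2014-3702 (`secalert@redhat.com`). I would land the formatting and reordering as a separate commit, so that the data commit shows only the `"ASSIGNER": "secalert@redhat.com",` line. Consumers that track record changes should compare the parsed JSON rather than the text diff.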
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101018 Antivirus detection after malware execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514356" - }, - { - "name" : "http://www.n00bz.net/antivirus-cve", - "refsource" : "MISC", - "url" : "http://www.n00bz.net/antivirus-cve" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers 
to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101018 Antivirus detection after malware execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514356" + }, + { + "name": "http://www.n00bz.net/antivirus-cve", + "refsource": "MISC", + "url": "http://www.n00bz.net/antivirus-cve" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3993.json b/2010/3xxx/CVE-2010-3993.json index 95b26c04b44..1748cdde934 100644 --- a/2010/3xxx/CVE-2010-3993.json +++ b/2010/3xxx/CVE-2010-3993.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-3993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02601", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128811321427551&w=2" - }, - { - "name" : "SSRT100316", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128811321427551&w=2" - }, - { - "name" : "1024643", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02601", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128811321427551&w=2" + }, + { + "name": "1024643", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024643" + }, + { + "name": "SSRT100316", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128811321427551&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0737.json b/2011/0xxx/CVE-2011-0737.json index 1008203d5f4..0518d3898e0 100644 --- a/2011/0xxx/CVE-2011-0737.json +++ b/2011/0xxx/CVE-2011-0737.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110128 Vulnerabilities in Adobe ColdFusion", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" - }, - { - "name" : "http://websecurity.com.ua/4879/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/4879/" - }, - { - "name" : "70781", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70781", + "refsource": "OSVDB", + "url": "http://osvdb.org/70781" + }, + { + "name": "http://websecurity.com.ua/4879/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/4879/" + }, + { + "name": "20110128 Vulnerabilities in Adobe ColdFusion", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1883.json b/2011/1xxx/CVE-2011-1883.json index 51f202a2022..4367faf01af 100644 --- a/2011/1xxx/CVE-2011-1883.json +++ b/2011/1xxx/CVE-2011-1883.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100144947", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144947" - }, - { - "name" : "MS11-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "48595", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/48595" - }, - { - "name" : "73783", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73783" - }, - { - "name" : "oval:org.mitre.oval:def:12721", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12721" - }, - { - "name" : "1025761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025761" - }, - { - "name" : "45186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73783", + "refsource": "OSVDB", + "url": "http://osvdb.org/73783" + }, + { + "name": "MS11-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144947", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144947" + }, + { + "name": "48595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48595" + }, + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": 
"oval:org.mitre.oval:def:12721", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12721" + }, + { + "name": "45186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45186" + }, + { + "name": "1025761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025761" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1974.json b/2011/1xxx/CVE-2011-1974.json index d9774100ece..3a054310e20 100644 --- a/2011/1xxx/CVE-2011-1974.json +++ b/2011/1xxx/CVE-2011-1974.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka \"NDISTAPI Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40627", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40627/" - }, - { - "name" : "MS11-062", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-062" - }, - { - "name" : "TA11-221A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" - }, - { - "name" : "48996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48996" - }, - { - "name" : "oval:org.mitre.oval:def:12912", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka \"NDISTAPI Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12912", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12912" + }, + { + "name": "MS11-062", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-062" + }, + { + "name": "40627", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40627/" + }, + { + "name": "48996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48996" + }, + { + "name": "TA11-221A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3133.json b/2014/3xxx/CVE-2014-3133.json index 96cd1ad5323..6b4c2fef9f5 100644 --- a/2014/3xxx/CVE-2014-3133.json +++ b/2014/3xxx/CVE-2014-3133.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/301" - }, - { - "name" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008", - "refsource" : "MISC", - "url" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1922547", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1922547" - }, - { - "name" : "67104", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/67104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/301" + }, + { + "name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008", + "refsource": "MISC", + "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008" + }, + { + "name": "67104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67104" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "https://service.sap.com/sap/support/notes/1922547", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1922547" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3232.json b/2014/3xxx/CVE-2014-3232.json index 5b06d6180d1..1adea1709e8 100644 --- a/2014/3xxx/CVE-2014-3232.json +++ b/2014/3xxx/CVE-2014-3232.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3232", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3232", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3702.json b/2014/3xxx/CVE-2014-3702.json index 6c1cd8dac9e..111774e5581 100644 --- a/2014/3xxx/CVE-2014-3702.json +++ b/2014/3xxx/CVE-2014-3702.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1153470", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1153470" - }, - { - "name" : "https://github.com/redhat-cip/edeploy/issues/231", - "refsource" : "CONFIRM", - "url" : "https://github.com/redhat-cip/edeploy/issues/231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. 
(dot dot) the session parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/redhat-cip/edeploy/issues/231", + "refsource": "CONFIRM", + "url": "https://github.com/redhat-cip/edeploy/issues/231" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1153470", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1153470" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3768.json b/2014/3xxx/CVE-2014-3768.json index 57dc649a4c6..93cb70375d4 100644 --- a/2014/3xxx/CVE-2014-3768.json +++ b/2014/3xxx/CVE-2014-3768.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3768", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3768", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6642.json b/2014/6xxx/CVE-2014-6642.json index e9f639aa29a..8533005e91b 100644 --- a/2014/6xxx/CVE-2014-6642.json +++ b/2014/6xxx/CVE-2014-6642.json 
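Review bot: The `ASSIGNER` field in the CVE-2014-3702 record changes from `cve@mitre.org` to `secalert@redhat.com`, a change of attribution that sits among separator-only rewrites (`"ID" : ` to `"ID": `) and is not mentioned in the commit subject. The same kind of change appears in the hunks for CVE-2014-6642, -7491, -7573, -7646 and -7743 (to `cert@cert.org`) and CVE-2014-8839 (to `product-security@apple.com`). Anything downstream that groups or filters records by assigner will treat these records differently after the sync, so the commit description should list the reassigned IDs, or the reassignment should land separately from the reformatting. Separately, the description value carried over unchanged reads `via a .. (dot dot) the session parameter`, which looks like it is missing a word, presumably `via a .. (dot dot) in the session parameter`.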
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum) application 2.4.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#238329", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/238329" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mark's Daily 
Apple Forum (aka com.tapatalk.marksdailyapplecomforum) application 2.4.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#238329", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/238329" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7491.json b/2014/7xxx/CVE-2014-7491.json index 2520d130716..c37c0a01581 100644 --- a/2014/7xxx/CVE-2014-7491.json +++ b/2014/7xxx/CVE-2014-7491.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Short Stories (aka com.ireadercity.c48) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#879849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/879849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Short Stories (aka com.ireadercity.c48) 
application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#879849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/879849" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7573.json b/2014/7xxx/CVE-2014-7573.json index a54a535cfd9..06ac13ea72e 100644 --- a/2014/7xxx/CVE-2014-7573.json +++ b/2014/7xxx/CVE-2014-7573.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The droid Survey Offline Forms (aka com.contact.droidSURVEY) application 2.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#599833", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/599833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The droid Survey Offline Forms 
(aka com.contact.droidSURVEY) application 2.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#599833", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/599833" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7646.json b/2014/7xxx/CVE-2014-7646.json index b85866191f0..72ab4967a98 100644 --- a/2014/7xxx/CVE-2014-7646.json +++ b/2014/7xxx/CVE-2014-7646.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#143201", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/143201" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EMT-Paramedic Lite (aka 
com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#143201", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/143201" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7743.json b/2014/7xxx/CVE-2014-7743.json index e26bc960caf..5e2242fa544 100644 --- a/2014/7xxx/CVE-2014-7743.json +++ b/2014/7xxx/CVE-2014-7743.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#331785", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/331785" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Humor Ironias y Realidades 
(aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#331785", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/331785" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8346.json b/2014/8xxx/CVE-2014-8346.json index 042d7139f02..2ada091814f 100644 --- a/2014/8xxx/CVE-2014-8346.json +++ b/2014/8xxx/CVE-2014-8346.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.youtube.com/watch?v=Q3adkpOEjyI", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=Q3adkpOEjyI" - }, - { - "name" : "https://www.youtube.com/watch?v=YufuOYQoDOY", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=YufuOYQoDOY" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial 
of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=Q3adkpOEjyI", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=Q3adkpOEjyI" + }, + { + "name": "https://www.youtube.com/watch?v=YufuOYQoDOY", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=YufuOYQoDOY" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8482.json b/2014/8xxx/CVE-2014-8482.json index 66b9a41dca5..55c8ca77759 100644 --- a/2014/8xxx/CVE-2014-8482.json +++ b/2014/8xxx/CVE-2014-8482.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8482", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8482", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8539.json b/2014/8xxx/CVE-2014-8539.json index 53e05f28c5f..be48fd1a191 100644 --- a/2014/8xxx/CVE-2014-8539.json 
+++ b/2014/8xxx/CVE-2014-8539.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141119 Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534017/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/129171/Joomla-Simple-Email-Form-1.8.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129171/Joomla-Simple-Email-Form-1.8.5-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23241", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23241" - }, - { - "name" : "71131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71131" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23241", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23241" + }, + { + "name": "http://packetstormsecurity.com/files/129171/Joomla-Simple-Email-Form-1.8.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129171/Joomla-Simple-Email-Form-1.8.5-Cross-Site-Scripting.html" + }, + { + "name": "20141119 Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534017/100/0/threaded" + }, + { + "name": "71131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71131" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8598.json b/2014/8xxx/CVE-2014-8598.json index ec5e5ce5af9..95ad3fd9844 100644 --- a/2014/8xxx/CVE-2014-8598.json +++ b/2014/8xxx/CVE-2014-8598.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141108 CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/07/28" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=17780", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=17780" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/80a15487", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/80a15487" - }, - { - "name" : "DSA-3120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3120" - 
}, - { - "name" : "70996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70996" - }, - { - "name" : "62101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62101" - }, - { - "name" : "mantisbt-cve20148598-sec-bypass(98573)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mantisbt/mantisbt/commit/80a15487", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/80a15487" + }, + { + "name": "[oss-security] 20141108 CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/07/28" + }, + { + "name": "mantisbt-cve20148598-sec-bypass(98573)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98573" + }, + { + "name": "70996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70996" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=17780", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=17780" + }, + { + "name": "62101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62101" + }, + { + "name": "DSA-3120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3120" + } + 
] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8839.json b/2014/8xxx/CVE-2014-8839.json index fc7bfd0ad39..618cc2ef1ee 100644 --- a/2014/8xxx/CVE-2014-8839.json +++ b/2014/8xxx/CVE-2014-8839.json 
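Review bot: The seven `reference_data` entries of CVE-2014-8598 are the same as before but come out in a new order that is not sorted by `name`, `refsource` or `url`, and because the whole record is rewritten a reader cannot tell from the hunk whether any reference was dropped or altered without comparing them one by one. If the serializer has no fixed ordering (this cannot be confirmed from the diff), emitting the array in a stable order, for example sorted by `url`, would limit later syncs to real changes. The hunks for CVE-2014-3702, -6642, -7491, -7573, -7646, -7743, -8539 and -8839 reorder their references in the same way. The new side also ends with `\ No newline at end of file`; writing a newline after the final `}` would keep that marker out of future diffs.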
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spotlight in Apple OS X before 10.10.2 does not enforce the Mail \"Load remote content in messages\" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html", - "refsource" : "MISC", - "url" : "http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html" - }, - { - "name" : "http://www.theregister.co.uk/2015/01/10/spotlight_caught_spreading_your_delicates/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2015/01/10/spotlight_caught_spreading_your_delicates/" - }, - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : 
"APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031521", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id/1031521" - }, - { - "name" : "macosx-cve20148839-sec-bypass(100527)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spotlight in Apple OS X before 10.10.2 does not enforce the Mail \"Load remote content in messages\" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.theregister.co.uk/2015/01/10/spotlight_caught_spreading_your_delicates/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2015/01/10/spotlight_caught_spreading_your_delicates/" + }, + { + "name": "macosx-cve20148839-sec-bypass(100527)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100527" + }, + { + "name": "1031521", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id/1031521" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html", + "refsource": "MISC", + "url": "http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No 
newline at end of file diff --git a/2014/9xxx/CVE-2014-9263.json b/2014/9xxx/CVE-2014-9263.json index 5d1771dbc74..73dc48bfad5 100644 --- a/2014/9xxx/CVE-2014-9263.json +++ b/2014/9xxx/CVE-2014-9263.json 
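Review bot: The `CVE_data_meta` block at the top of this hunk changes `"ASSIGNER"` from `cve@mitre.org` to `product-security@apple.com`, a provenance change buried in a whitespace and reference-order rewrite and not mentioned in the commit subject. The same kind of change appears in the hunks for CVE-2014-9556 (`security@debian.org`), CVE-2016-2819 (`security@mozilla.org`) and CVE-2016-6743 (`security@google.com` to `security@android.com`), while the other records visible here keep their assigner. Consumers that attribute or filter records by assigner will see these entries change owner, so the assigner updates would be easier to audit in a commit of their own, or at least named in the message, e.g. `Update ASSIGNER for CVE-2014-8839, CVE-2014-9556, CVE-2016-2819, CVE-2016-6743`.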
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-393/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-393/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-394/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-394/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-395/", - "refsource" : "MISC", - "url" : 
"http://www.zerodayinitiative.com/advisories/ZDI-14-395/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-396/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-396/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-397/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-397/" - }, - { - "name" : "71488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-397/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-397/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-396/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-396/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-395/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-395/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-394/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-394/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-393/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-393/" + }, + { + "name": "71488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71488" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9556.json b/2014/9xxx/CVE-2014-9556.json index d648e59a198..49f266e35f2 100644 --- a/2014/9xxx/CVE-2014-9556.json +++ b/2014/9xxx/CVE-2014-9556.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-9556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150101 CVE Request: libmspack: frame_end overflow which could cause infinite loop", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/01/5" - }, - { - "name" : "[oss-security] 20150107 Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/07/2" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0052.html", - "refsource" : "CONFIRM", - "url" : 
"http://advisories.mageia.org/MGASA-2015-0052.html" - }, - { - "name" : "MDVSA-2015:041", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:041" - }, - { - "name" : "openSUSE-SU-2015:0187", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00004.html" - }, - { - "name" : "62793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150101 CVE Request: libmspack: frame_end overflow which could cause infinite loop", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/01/5" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041" + }, + { + "name": "62793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62793" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0052.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0052.html" + }, + { + "name": "[oss-security] 20150107 Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/07/2" + }, + { + "name": "openSUSE-SU-2015:0187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00004.html" + }, + { + "name": 
"MDVSA-2015:041", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:041" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2056.json b/2016/2xxx/CVE-2016-2056.json index 890ea57d886..fdf89501bb6 100644 --- a/2016/2xxx/CVE-2016-2056.json +++ b/2016/2xxx/CVE-2016-2056.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160214 Xymon: Critical security issues in all versions prior to 4.3.25", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537522/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html" - }, - { - "name" : "https://sourceforge.net/p/xymon/code/7892/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/xymon/code/7892/" - }, - { - "name" : "DSA-3495", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2016/dsa-3495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded" + }, + { + "name": "https://sourceforge.net/p/xymon/code/7892/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/xymon/code/7892/" + }, + { + "name": "DSA-3495", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3495" + }, + { + "name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2700.json b/2016/2xxx/CVE-2016-2700.json index 85fe40a739d..4dce0659f71 100644 --- a/2016/2xxx/CVE-2016-2700.json +++ b/2016/2xxx/CVE-2016-2700.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2700", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2700", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2819.json b/2016/2xxx/CVE-2016-2819.json index 722af9e67f8..9fa2040a2cd 100644 --- a/2016/2xxx/CVE-2016-2819.json +++ b/2016/2xxx/CVE-2016-2819.json 
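Review bot: This record is written with a different key order from the other records in the commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, whereas the neighbouring files keep keys sorted (`CVE_data_meta`, `data_format`, `data_type`, ...). Key order carries no meaning in JSON, but the mixed order suggests two serializer paths, and it makes later diffs noisy and byte-level hashes of the files unstable. Writing this file through the same sorted-key path would put `"CVE_data_meta"` first with `"ASSIGNER": "cve@mitre.org"`, `"ID": "CVE-2016-2700"`, `"STATE": "REJECT"` in that order, as the CVE-2016-6013 hunk does for its own record.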
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44293", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44293/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-50.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-50.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1270381", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1270381" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - 
"name" : "DSA-3600", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3600" - }, - { - "name" : "RHSA-2016:1217", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1217" - }, - { - "name" : "openSUSE-SU-2016:1552", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1557", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:1691", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" - }, - { - "name" : "USN-2993-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2993-1" - }, - { - "name" : "91075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91075" - }, - { - "name" : "1036057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036057" + }, + { + "name": "RHSA-2016:1217", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1217" + }, + { + "name": "openSUSE-SU-2016:1557", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "44293", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44293/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1270381", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1270381" + }, + { + "name": "openSUSE-SU-2016:1552", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-50.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-50.html" + }, + { + "name": "USN-2993-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2993-1" + }, + { + "name": "SUSE-SU-2016:1691", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" + }, + { + "name": "91075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91075" + }, + { + "name": "DSA-3600", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3600" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/6xxx/CVE-2016-6013.json b/2016/6xxx/CVE-2016-6013.json index fc98b675389..46027a6204f 100644 --- a/2016/6xxx/CVE-2016-6013.json +++ b/2016/6xxx/CVE-2016-6013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6039.json b/2016/6xxx/CVE-2016-6039.json index cb8185268b8..d4a092e84b4 100644 --- a/2016/6xxx/CVE-2016-6039.json +++ b/2016/6xxx/CVE-2016-6039.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21991153", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21991153" - }, - { - "name" : "94853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21991153", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21991153" + }, + { + "name": "94853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94853" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/6xxx/CVE-2016-6134.json b/2016/6xxx/CVE-2016-6134.json index 7351cc6dba7..6294220b40a 100644 --- a/2016/6xxx/CVE-2016-6134.json +++ b/2016/6xxx/CVE-2016-6134.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6134", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6134", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6327.json b/2016/6xxx/CVE-2016-6327.json index aacd8db7adc..a76987850d7 100644 --- a/2016/6xxx/CVE-2016-6327.json +++ b/2016/6xxx/CVE-2016-6327.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160819 Re: CVE-2016-6327 | Linux kernel crash in infiniband subsystem.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/19/5" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1354525", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1354525" - }, - { - "name" : "https://github.com/torvalds/linux/commit/51093254bf879bc9ce96590400a87897c7498463", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/51093254bf879bc9ce96590400a87897c7498463" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "RHSA-2016:2584", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html" - }, - { - "name" : "92549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2584", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463" + }, + { + "name": "https://github.com/torvalds/linux/commit/51093254bf879bc9ce96590400a87897c7498463", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/51093254bf879bc9ce96590400a87897c7498463" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" + }, + { + "name": "92549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92549" + }, + { + "name": "[oss-security] 20160819 Re: CVE-2016-6327 | Linux kernel crash in infiniband subsystem.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/19/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1354525", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1354525" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6743.json b/2016/6xxx/CVE-2016-6743.json index 4ce09ba8023..ae63d0ceffb 100644 --- a/2016/6xxx/CVE-2016-6743.json +++ b/2016/6xxx/CVE-2016-6743.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android Kernel-3.10", - "version" : { - "version_data" : [ - { - "version_value" : "Android Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30937462." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android Kernel-3.10", + "version": { + "version_data": [ + { + "version_value": "Android Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Synaptics touchscreen 
driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30937462." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94131" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5195.json b/2017/5xxx/CVE-2017-5195.json index b03c9be7a41..abe9459bf7f 100644 --- a/2017/5xxx/CVE-2017-5195.json +++ b/2017/5xxx/CVE-2017-5195.json 
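Review bot: The `ASSIGNER` value changes from `security@google.com` to `"ASSIGNER": "security@android.com"` at the top of the CVE-2016-6743 record, but nothing flags it: the rest of the hunk only rewrites `"key" : ` as `"key": `, re-indents and reorders `reference_data`, and the commit subject ("-Synchronized-Data.") says nothing about ownership. Anyone who groups, filters or routes records by assigner will see this record move to a different bucket, so the reassignment should get its own line in the commit message or its own commit where it can be audited. The CVE-2017-5932 hunk has the same problem, with `ASSIGNER` going from `cve@mitre.org` to `secalert@redhat.com`. Separately, the new side ends with `\ No newline at end of file` here and in the CVE-2017-5195, CVE-2017-5741, CVE-2017-5835 and CVE-2017-5932 hunks, whereas the old files ended with a newline. Writing the final `}` followed by a newline would keep later diffs of these records free of that noise.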
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170106 Re: CVE Request: Irssi Multiple Vulnerabilities (2017/01)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/06/1" - }, - { - "name" : "https://irssi.org/security/irssi_sa_2017_01.txt", - "refsource" : "CONFIRM", - "url" : "https://irssi.org/security/irssi_sa_2017_01.txt" - }, - { - "name" : "GLSA-201701-45", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-45" - }, - { - "name" : "95310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Irssi 0.8.17 before 0.8.21 allows remote attackers to 
cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170106 Re: CVE Request: Irssi Multiple Vulnerabilities (2017/01)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/06/1" + }, + { + "name": "https://irssi.org/security/irssi_sa_2017_01.txt", + "refsource": "CONFIRM", + "url": "https://irssi.org/security/irssi_sa_2017_01.txt" + }, + { + "name": "95310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95310" + }, + { + "name": "GLSA-201701-45", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-45" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5741.json b/2017/5xxx/CVE-2017-5741.json index 1b2716bc59a..0ef3ff03b2b 100644 --- a/2017/5xxx/CVE-2017-5741.json +++ b/2017/5xxx/CVE-2017-5741.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5741", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5741", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5835.json b/2017/5xxx/CVE-2017-5835.json index 888731e63b7..d925a011b4a 100644 --- a/2017/5xxx/CVE-2017-5835.json +++ b/2017/5xxx/CVE-2017-5835.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170131 CVE request: multiples vulnerabilities in libplist", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/31/6" - }, - { - "name" : "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in libplist", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/4" - }, - { - "name" : "https://github.com/libimobiledevice/libplist/issues/88", - "refsource" : "CONFIRM", - "url" : "https://github.com/libimobiledevice/libplist/issues/88" - }, - { - "name" : "96022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96022" + }, + { + "name": "https://github.com/libimobiledevice/libplist/issues/88", + "refsource": "CONFIRM", + "url": "https://github.com/libimobiledevice/libplist/issues/88" + }, + { + "name": "[oss-security] 20170131 CVE request: multiples vulnerabilities in libplist", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/31/6" + }, + { + "name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in libplist", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/4" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5932.json b/2017/5xxx/CVE-2017-5932.json index e064816c774..2d0210b3496 100644 --- a/2017/5xxx/CVE-2017-5932.json +++ b/2017/5xxx/CVE-2017-5932.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a \" (double quote) character and a command substitution metacharacter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-5932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bug-bash] 20170120 Bash-4.4 Official Patch 7", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html" - }, - { - "name" : "[oss-security] 20170207 Re: CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/08/3" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715" - }, - { - "name" : "96136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96136" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a \" (double quote) character and a command substitution metacharacter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715" + }, + { + "name": "[bug-bash] 20170120 Bash-4.4 Official Patch 7", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html" + }, + { + "name": "[oss-security] 20170207 Re: CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/08/3" + }, + { + "name": "96136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96136" + } + ] + } +} \ No newline at end of file