From 6f8ba330424d1e230dba66ccc4bd200cac863e8e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 00:15:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0593.json | 190 ++++++------- 2006/0xxx/CVE-2006-0856.json | 170 ++++++------ 2006/3xxx/CVE-2006-3322.json | 180 ++++++------ 2006/3xxx/CVE-2006-3495.json | 200 +++++++------- 2006/3xxx/CVE-2006-3962.json | 130 ++++----- 2006/4xxx/CVE-2006-4106.json | 150 +++++----- 2006/4xxx/CVE-2006-4675.json | 170 ++++++------ 2006/4xxx/CVE-2006-4900.json | 220 +++++++-------- 2006/6xxx/CVE-2006-6571.json | 150 +++++----- 2006/6xxx/CVE-2006-6960.json | 150 +++++----- 2006/7xxx/CVE-2006-7013.json | 140 +++++----- 2010/2xxx/CVE-2010-2136.json | 160 +++++------ 2010/2xxx/CVE-2010-2393.json | 120 ++++---- 2010/2xxx/CVE-2010-2739.json | 150 +++++----- 2010/2xxx/CVE-2010-2948.json | 340 +++++++++++------------ 2010/3xxx/CVE-2010-3342.json | 140 +++++----- 2010/3xxx/CVE-2010-3489.json | 160 +++++------ 2010/3xxx/CVE-2010-3555.json | 280 +++++++++---------- 2011/0xxx/CVE-2011-0147.json | 180 ++++++------ 2011/0xxx/CVE-2011-0601.json | 34 +-- 2011/0xxx/CVE-2011-0835.json | 130 ++++----- 2011/0xxx/CVE-2011-0951.json | 170 ++++++------ 2011/1xxx/CVE-2011-1167.json | 490 ++++++++++++++++----------------- 2011/1xxx/CVE-2011-1329.json | 180 ++++++------ 2011/1xxx/CVE-2011-1499.json | 200 +++++++------- 2011/1xxx/CVE-2011-1904.json | 140 +++++----- 2011/5xxx/CVE-2011-5166.json | 190 ++++++------- 2011/5xxx/CVE-2011-5309.json | 120 ++++---- 2014/3xxx/CVE-2014-3119.json | 34 +-- 2014/3xxx/CVE-2014-3161.json | 140 +++++----- 2014/3xxx/CVE-2014-3257.json | 34 +-- 2014/3xxx/CVE-2014-3688.json | 270 +++++++++--------- 2014/6xxx/CVE-2014-6326.json | 120 ++++---- 2014/6xxx/CVE-2014-6385.json | 130 ++++----- 2014/6xxx/CVE-2014-6546.json | 130 ++++----- 2014/6xxx/CVE-2014-6728.json | 140 +++++----- 2014/7xxx/CVE-2014-7154.json | 210 +++++++------- 2014/7xxx/CVE-2014-7509.json | 140 +++++----- 2014/7xxx/CVE-2014-7770.json | 140 +++++----- 2014/8xxx/CVE-2014-8034.json | 160 +++++------ 
2016/2xxx/CVE-2016-2561.json | 230 ++++++++-------- 2016/2xxx/CVE-2016-2626.json | 34 +-- 2016/2xxx/CVE-2016-2860.json | 160 +++++------ 2016/2xxx/CVE-2016-2988.json | 120 ++++---- 2016/6xxx/CVE-2016-6184.json | 120 ++++---- 2017/18xxx/CVE-2017-18043.json | 170 ++++++------ 2017/18xxx/CVE-2017-18142.json | 132 ++++----- 2017/1xxx/CVE-2017-1039.json | 34 +-- 2017/1xxx/CVE-2017-1140.json | 230 ++++++++-------- 2017/1xxx/CVE-2017-1733.json | 172 ++++++------ 2017/5xxx/CVE-2017-5252.json | 34 +-- 2017/5xxx/CVE-2017-5495.json | 170 ++++++------ 2017/5xxx/CVE-2017-5501.json | 130 ++++----- 2017/5xxx/CVE-2017-5581.json | 200 +++++++------- 2017/5xxx/CVE-2017-5666.json | 130 ++++----- 55 files changed, 4374 insertions(+), 4374 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0593.json b/2006/0xxx/CVE-2006-0593.json
index 5e581cbc393..ac9639fd9dc 100644
--- a/2006/0xxx/CVE-2006-0593.json
+++ b/2006/0xxx/CVE-2006-0593.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php-fusion.co.uk/news.php?readmore=307", - "refsource" : "CONFIRM", - "url" : "http://www.php-fusion.co.uk/news.php?readmore=307" - }, - { - "name" : "http://www.php-fusion.co.uk/downloads.php?cat_id=3", - "refsource" : "CONFIRM", - "url" : "http://www.php-fusion.co.uk/downloads.php?cat_id=3" - }, - { - "name" : "16548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16548" - }, - { - "name" : "ADV-2006-0463", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0463" - }, - { - "name" : "22980", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22980" - }, - { - "name" : "22981", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/22981" - }, - { - "name" : "18949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18949" - }, - { - "name" : "phpfusion-multiple-xss(24548)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpfusion-multiple-xss(24548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24548" + }, + { + "name": "http://www.php-fusion.co.uk/news.php?readmore=307", + "refsource": "CONFIRM", + "url": "http://www.php-fusion.co.uk/news.php?readmore=307" + }, + { + "name": "ADV-2006-0463", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0463" + }, + { + "name": "16548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16548" + }, + { + "name": "http://www.php-fusion.co.uk/downloads.php?cat_id=3", + "refsource": "CONFIRM", + "url": "http://www.php-fusion.co.uk/downloads.php?cat_id=3" + }, + { + "name": "18949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18949" + }, + { + "name": "22981", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22981" + }, + { + "name": "22980", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22980" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0856.json b/2006/0xxx/CVE-2006-0856.json index 26258b06db6..68df9be0130 100644 
--- a/2006/0xxx/CVE-2006-0856.json
+++ b/2006/0xxx/CVE-2006-0856.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060216 [eVuln] SmE GB Host Authentication Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425317/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/66/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/66/summary.html" - }, - { - "name" : "16609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16609" - }, - { - "name" : "ADV-2006-0543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0543" - }, - { - "name" : "18823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18823" - }, - { - "name" : "smegbhost-login-sql-injection(24544)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.evuln.com/vulns/66/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/66/summary.html" + }, + { + "name": "ADV-2006-0543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0543" + }, + { + "name": "16609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16609" + }, + { + "name": "smegbhost-login-sql-injection(24544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24544" + }, + { + "name": "20060216 [eVuln] SmE GB Host Authentication Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425317/100/0/threaded" + }, + { + "name": "18823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18823" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3322.json b/2006/3xxx/CVE-2006-3322.json index d1284263408..21e8b48d185 100644 --- a/2006/3xxx/CVE-2006-3322.json +++ b/2006/3xxx/CVE-2006-3322.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438706/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-47/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-47/advisory/" - }, - { - "name" : "18720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18720" - }, - { - "name" : "ADV-2006-2592", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2592" - }, - { - "name" : "20200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20200" - }, - { - "name" : "1173", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/1173" - }, - { - "name" : "phpraid-logging-sql-injection(27458)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2006-47/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-47/advisory/" + }, + { + "name": "ADV-2006-2592", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2592" + }, + { + "name": "20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438706/100/0/threaded" + }, + { + "name": "phpraid-logging-sql-injection(27458)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27458" + }, + { + "name": "18720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18720" + }, + { + "name": "1173", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1173" + }, + { + "name": "20200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20200" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3495.json b/2006/3xxx/CVE-2006-3495.json index f1ad0f79d53..ffdaeca5445 100644 --- a/2006/3xxx/CVE-2006-3495.json +++ b/2006/3xxx/CVE-2006-3495.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-08-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" - }, - { - "name" : "TA06-214A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" - }, - { - "name" : "VU#168020", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/168020" - }, - { - "name" : "19289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19289" - }, - { - "name" : "ADV-2006-3101", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3101" - }, - { - "name" : "27732", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27732" - }, - { - "name" : "1016620", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1016620" - }, - { - "name" : "21253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21253" - }, - { - "name" : "macosx-afp-file-access(28136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-afp-file-access(28136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28136" + }, + { + "name": "APPLE-SA-2006-08-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" + }, + { + "name": "ADV-2006-3101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3101" + }, + { + "name": "21253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21253" + }, + { + "name": "19289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19289" + }, + { + "name": "TA06-214A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" + }, + { + "name": "VU#168020", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/168020" + }, + { + "name": "1016620", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016620" + }, + { + "name": "27732", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27732" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3962.json b/2006/3xxx/CVE-2006-3962.json
index 1763a1cbdc3..a44237e375a 100644
--- a/2006/3xxx/CVE-2006-3962.json
+++ b/2006/3xxx/CVE-2006-3962.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2090", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2090" - }, - { - "name" : "19231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path 
parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2090", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2090" + }, + { + "name": "19231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19231" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4106.json b/2006/4xxx/CVE-2006-4106.json index 0ea5b654733..18c973fb28f 100644 --- a/2006/4xxx/CVE-2006-4106.json +++ b/2006/4xxx/CVE-2006-4106.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060806 blur6ex 0.3 Comment title HTML inyection vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442435/100/0/threaded" - }, - { - "name" : "19392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19392" - }, - { - "name" : "1372", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1372" - }, - { - "name" : "blur6ex-title-xss(28275)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to 
inject arbitrary web script or HTML via a comment title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "blur6ex-title-xss(28275)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28275" + }, + { + "name": "19392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19392" + }, + { + "name": "20060806 blur6ex 0.3 Comment title HTML inyection vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442435/100/0/threaded" + }, + { + "name": "1372", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1372" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4675.json b/2006/4xxx/CVE-2006-4675.json index b2472222ee0..36dc2f7a1f5 100644 --- a/2006/4xxx/CVE-2006-4675.json +++ b/2006/4xxx/CVE-2006-4675.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445516/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html" - }, - { - "name" : "GLSA-200609-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-10.xml" - }, - { - "name" : "21819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21819" - }, - { - "name" : "21936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21936" - }, - { - "name" : "1537", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html" + }, + { + "name": "1537", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1537" + }, + { + "name": "GLSA-200609-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-10.xml" + }, + { + "name": "21936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21936" + }, + { + "name": "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445516/100/0/threaded" + }, + { + "name": "21819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21819" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4900.json b/2006/4xxx/CVE-2006-4900.json index c2380e6126e..d5a923f94e5 100644 --- a/2006/4xxx/CVE-2006-4900.json +++ b/2006/4xxx/CVE-2006-4900.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via \"..\" sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446611/100/0/threaded" - }, - { - "name" : "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446716/100/0/threaded" - }, - { - "name" : "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt", - "refsource" : "MISC", - "url" : "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt" - 
}, - { - "name" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617" - }, - { - "name" : "20139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20139" - }, - { - "name" : "ADV-2006-3738", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3738" - }, - { - "name" : "29010", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29010" - }, - { - "name" : "1016910", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016910" - }, - { - "name" : "22023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22023" - }, - { - "name" : "ca-etrust-esmpauditservlet-dir-traversal(29104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via \"..\" sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt", + "refsource": "MISC", + "url": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt" + }, + { + "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9" + }, + { + "name": "1016910", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016910" + }, + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617" + }, + { + "name": "22023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22023" + }, + { + "name": "29010", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29010" + }, + { + "name": "ca-etrust-esmpauditservlet-dir-traversal(29104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29104" + }, + { + "name": "20139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20139" + }, + { + "name": "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446716/100/0/threaded" + }, + { + "name": "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446611/100/0/threaded" + }, + { + "name": "ADV-2006-3738", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3738" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/6xxx/CVE-2006-6571.json b/2006/6xxx/CVE-2006-6571.json
index 1f72bcae34f..45bf2bcbd77 100644
--- a/2006/6xxx/CVE-2006-6571.json
+++ b/2006/6xxx/CVE-2006-6571.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061214 GenesisTrader v1.0 - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454385/100/0/threaded" - }, - { - "name" : "21595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21595" - }, - { - "name" : "2035", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2035" - }, - { - "name" : "genesis-index-form-xss(30890)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site 
scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21595" + }, + { + "name": "20061214 GenesisTrader v1.0 - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454385/100/0/threaded" + }, + { + "name": "2035", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2035" + }, + { + "name": "genesis-index-form-xss(30890)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30890" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6960.json b/2006/6xxx/CVE-2006-6960.json index 950644eec9d..0ef4ee1b389 100644 --- a/2006/6xxx/CVE-2006-6960.json +++ b/2006/6xxx/CVE-2006-6960.json 
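Review bot: The rewritten CVE-2006-6571.json ends at the closing `}` with no final newline (the `\ No newline at end of file` marker follows it), while the old side ended with one. The file sections after it in this view (CVE-2006-6960, CVE-2006-7013, CVE-2010-2136 and later) carry the same marker, so the serializer that produced this sync should emit a trailing `\n` after the last `}`. The `reference_data` entries are also the same set in a different order with no visible sort key. If the order is not meaningful, emitting it in a stable order (for example by `refsource`, then `name`) would keep later syncs from producing diffs that hide real changes to a record.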
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060620 Multiple Bypass and Integrity Lost Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437814/100/200/threaded" - }, - { - "name" : "http://www.sentinel.gr/advisories/SGA-0001.txt", - "refsource" : "MISC", - "url" : "http://www.sentinel.gr/advisories/SGA-0001.txt" - }, - { - "name" : "27536", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27536" - }, - { - "name" : "spy-sweeper-archive-security-bypass(27266)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060620 Multiple Bypass and Integrity Lost Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437814/100/200/threaded" + }, + { + "name": "spy-sweeper-archive-security-bypass(27266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27266" + }, + { + "name": "27536", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27536" + }, + { + "name": "http://www.sentinel.gr/advisories/SGA-0001.txt", + "refsource": "MISC", + "url": "http://www.sentinel.gr/advisories/SGA-0001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7013.json b/2006/7xxx/CVE-2006-7013.json index 7071ab9e427..6110586bb94 100644 --- a/2006/7xxx/CVE-2006-7013.json +++ b/2006/7xxx/CVE-2006-7013.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060601 SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435686/30/4740/threaded" - }, - { - "name" : "2256", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2256" - }, - { - "name" : "smf-xforward-ip-spoofing(27082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2256", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2256" + }, + { + "name": "smf-xforward-ip-spoofing(27082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27082" + }, + { + "name": "20060601 SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435686/30/4740/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2136.json b/2010/2xxx/CVE-2010-2136.json index 3cb3bd6fdc9..171a039deb7 100644 --- a/2010/2xxx/CVE-2010-2136.json +++ b/2010/2xxx/CVE-2010-2136.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1002-exploits/articlefriendly-lfi.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1002-exploits/articlefriendly-lfi.txt" - }, - { - "name" : "38461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38461" - }, - { - "name" : "62624", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62624" - }, - { - "name" : "38715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38715" - }, - { - "name" : "articlefriendly-index-file-include(56598)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38715" + }, + { + "name": "38461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38461" + }, + { + "name": "62624", + "refsource": "OSVDB", + "url": "http://osvdb.org/62624" + }, + { + "name": "articlefriendly-index-file-include(56598)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56598" + }, + { + "name": "http://www.packetstormsecurity.com/1002-exploits/articlefriendly-lfi.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1002-exploits/articlefriendly-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2393.json b/2010/2xxx/CVE-2010-2393.json index 09e5fa4160e..7b489120f46 100644 --- a/2010/2xxx/CVE-2010-2393.json +++ b/2010/2xxx/CVE-2010-2393.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2739.json b/2010/2xxx/CVE-2010-2739.json index 5e2b82ced18..88ed6395b02 100644 --- a/2010/2xxx/CVE-2010-2739.json +++ b/2010/2xxx/CVE-2010-2739.json 
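Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert_us@oracle.com` in this hunk, which is a provenance change buried in what otherwise reads as a whitespace and ordering rewrite under the subject "-Synchronized-Data.". The same kind of change appears in the CVE-2010-2739 and CVE-2010-3342 hunks (`secure@microsoft.com`) and in the CVE-2010-2948 hunk (`secalert@redhat.com`). Consumers that key trust or routing decisions on the assigner have no way to spot these among the formatting-only records. The commit description should name the affected records, for example `ASSIGNER updated: CVE-2010-2393, CVE-2010-2739, CVE-2010-2948, CVE-2010-3342`, plus any others outside this view, or the assigner changes should go in a separate commit from the reformatting.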
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ragestorm.net/blogs/?p=255", - "refsource" : "MISC", - "url" : "http://www.ragestorm.net/blogs/?p=255" - }, - { - "name" : "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx" - }, - { - "name" : "40870", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/40870" - }, - { - "name" : "ADV-2010-2029", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40870" + }, + { + "name": "http://www.ragestorm.net/blogs/?p=255", + "refsource": "MISC", + "url": "http://www.ragestorm.net/blogs/?p=255" + }, + { + "name": "ADV-2010-2029", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2029" + }, + { + "name": "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2948.json b/2010/2xxx/CVE-2010-2948.json index 822ffecefa6..409f8687b33 100644 --- a/2010/2xxx/CVE-2010-2948.json +++ b/2010/2xxx/CVE-2010-2948.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/24/3" - }, - { - "name" : "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2010/08/25/4" - }, - { - "name" : "http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3", - "refsource" : "CONFIRM", - "url" : "http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3" - }, - { - "name" : "http://www.quagga.net/news2.php?y=2010&m=8&d=19", - "refsource" : "CONFIRM", - "url" : "http://www.quagga.net/news2.php?y=2010&m=8&d=19" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=626783", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=626783" - }, - { - "name" : "DSA-2104", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2104" - }, - { - "name" : "GLSA-201202-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201202-02.xml" - }, - { - "name" : "MDVSA-2010:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" - }, - { - "name" : "RHSA-2010:0785", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0785.html" - }, - { - "name" : "RHSA-2010:0945", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0945.html" - }, - { - "name" : "SUSE-SR:2010:022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" - }, - { - "name" : "SUSE-SU-2011:1316", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" - }, - { - "name" : "USN-1027-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1027-1" - }, - { - "name" : "42635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42635" - }, - { - "name" : "41038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41038" - }, - { - "name" : "41238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41238" - }, - 
{ - "name" : "42397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42397" - }, - { - "name" : "42446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42446" - }, - { - "name" : "42498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42498" - }, - { - "name" : "48106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48106" - }, - { - "name" : "ADV-2010-2304", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2304" - }, - { - "name" : "ADV-2010-3097", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3097" - }, - { - "name" : "ADV-2010-3124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2304", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2304" + }, + { + "name": "42635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42635" + }, + { + "name": "42498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42498" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=626783", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626783" + }, + { + "name": "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" + }, + { + "name": "41238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41238" + }, + { + "name": "SUSE-SR:2010:022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" + }, + { + "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3", + "refsource": "CONFIRM", + "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3" + }, + { + "name": "41038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41038" + }, + { + "name": "GLSA-201202-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" + }, + { + "name": "42397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42397" + }, + { + "name": "DSA-2104", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2104" + }, + { + "name": "USN-1027-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1027-1" 
+ }, + { + "name": "42446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42446" + }, + { + "name": "SUSE-SU-2011:1316", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" + }, + { + "name": "MDVSA-2010:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" + }, + { + "name": "48106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48106" + }, + { + "name": "ADV-2010-3097", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3097" + }, + { + "name": "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" + }, + { + "name": "RHSA-2010:0785", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" + }, + { + "name": "RHSA-2010:0945", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" + }, + { + "name": "http://www.quagga.net/news2.php?y=2010&m=8&d=19", + "refsource": "CONFIRM", + "url": "http://www.quagga.net/news2.php?y=2010&m=8&d=19" + }, + { + "name": "ADV-2010-3124", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3124" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3342.json b/2010/3xxx/CVE-2010-3342.json index 5a3145f8c3b..f9e40ee0e8e 100644 --- a/2010/3xxx/CVE-2010-3342.json +++ b/2010/3xxx/CVE-2010-3342.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka \"Cross-Domain Information Disclosure Vulnerability,\" a different vulnerability than CVE-2010-3348." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-090", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" - }, - { - "name" : "oval:org.mitre.oval:def:11447", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11447" - }, - { - "name" : "1024872", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft 
Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka \"Cross-Domain Information Disclosure Vulnerability,\" a different vulnerability than CVE-2010-3348." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-090", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" + }, + { + "name": "oval:org.mitre.oval:def:11447", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11447" + }, + { + "name": "1024872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024872" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3489.json b/2010/3xxx/CVE-2010-3489.json index d88b7f0199d..f1c52f3e7eb 100644 --- a/2010/3xxx/CVE-2010-3489.json +++ b/2010/3xxx/CVE-2010-3489.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1009-exploits/ZSL-2010-4964.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/ZSL-2010-4964.txt" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4964.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4964.php" - }, - { - "name" : "43290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43290" - }, - { - "name" : "68128", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/68128" - }, - { - "name" : "41475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41475" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4964.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4964.php" + }, + { + "name": "41475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41475" + }, + { + "name": "43290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43290" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/ZSL-2010-4964.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/ZSL-2010-4964.txt" + }, + { + "name": "68128", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/68128" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3555.json b/2010/3xxx/CVE-2010-3555.json index 460f08389fe..0117474eccd 100644 --- a/2010/3xxx/CVE-2010-3555.json +++ b/2010/3xxx/CVE-2010-3555.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-207/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-207/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0987", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "44038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44038" - }, - { - "name" : "oval:org.mitre.oval:def:11320", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11320" - }, - { - "name" : "oval:org.mitre.oval:def:12222", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12222" - }, - { - "name" : "42974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42974" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "oval:org.mitre.oval:def:12222", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12222" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "oval:org.mitre.oval:def:11320", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11320" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-207/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-207/" + }, + { + "name": "44038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44038" + }, + { + "name": "RHSA-2010:0987", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "42974", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/42974" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0147.json b/2011/0xxx/CVE-2011-0147.json index ce878980273..a33208bffb3 100644 --- a/2011/0xxx/CVE-2011-0147.json +++ b/2011/0xxx/CVE-2011-0147.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - 
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:16488", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:16488", + "refsource": "OVAL", + 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16488" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0601.json b/2011/0xxx/CVE-2011-0601.json index 6671b8c5731..0a883a33402 100644 --- a/2011/0xxx/CVE-2011-0601.json +++ b/2011/0xxx/CVE-2011-0601.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0601", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0601", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0835.json b/2011/0xxx/CVE-2011-0835.json index be3d546675f..a5eeedbd7bd 100644 --- a/2011/0xxx/CVE-2011-0835.json +++ b/2011/0xxx/CVE-2011-0835.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0880." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users 
to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0880." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0951.json b/2011/0xxx/CVE-2011-0951.json index adee74ebe3a..7df0790e44b 100644 --- a/2011/0xxx/CVE-2011-0951.json +++ b/2011/0xxx/CVE-2011-0951.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110330 Cisco Secure Access Control System Unauthorized Password Change Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml" - }, - { - "name" : "47093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47093" - }, - { - "name" : "1025271", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025271" - }, - { - "name" : "43924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43924" - }, - { - "name" : "ADV-2011-0821", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0821" - }, - { - "name" : 
"cisco-acs-interface-security-bypass(66471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43924" + }, + { + "name": "1025271", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025271" + }, + { + "name": "ADV-2011-0821", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0821" + }, + { + "name": "20110330 Cisco Secure Access Control System Unauthorized Password Change Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml" + }, + { + "name": "cisco-acs-interface-security-bypass(66471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66471" + }, + { + "name": "47093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47093" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1167.json b/2011/1xxx/CVE-2011-1167.json index 2cbfb86592b..d211d1886d6 100644 --- a/2011/1xxx/CVE-2011-1167.json +++ b/2011/1xxx/CVE-2011-1167.json 
@@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517101/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-107", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-107" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2300", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2300" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=684939", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=684939" - }, - { - "name" : "http://blackberry.com/btsc/KB27244", - "refsource" : "CONFIRM", - "url" : "http://blackberry.com/btsc/KB27244" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "DSA-2210", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2210" - }, - { - "name" : "FEDORA-2011-3827", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html" - }, - { - "name" : "FEDORA-2011-3836", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html" - }, - { - "name" : "GLSA-201209-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" - }, - { - "name" : "MDVSA-2011:064", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064" - }, - { - "name" : "RHSA-2011:0392", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0392.html" - }, - { - "name" : "SSA:2011-098-01", - "refsource" : "SLACKWARE", - "url" : 
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820" - }, - { - "name" : "SUSE-SR:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" - }, - { - "name" : "USN-1102-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1102-1" - }, - { - "name" : "46951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46951" - }, - { - "name" : "71256", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71256" - }, - { - "name" : "1025257", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025257" - }, - { - "name" : "43900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43900" - }, - { - "name" : "43934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43934" - }, - { - "name" : "44117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44117" - }, - { - "name" : "44135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44135" - }, - { - "name" : "43974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43974" - }, - { - "name" : "50726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50726" - }, - { - "name" : "8165", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8165" - }, - { - "name" : "ADV-2011-0795", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0795" - }, - { - "name" : "ADV-2011-0845", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0845" - }, - { - "name" : "ADV-2011-0859", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0859" - }, - { - "name" : "ADV-2011-0860", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0860" - }, - { - "name" : "ADV-2011-0905", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0905" - }, - { - "name" : "ADV-2011-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0930" - }, - { - "name" : "ADV-2011-0960", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0960" - }, - { - "name" : "libtiff-thundercode-decoder-bo(66247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0795", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0795" + }, + { + "name": "43974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43974" + }, + { + "name": "USN-1102-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1102-1" + }, + { + "name": "ADV-2011-0845", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0845" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=684939", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684939" + }, + { + "name": "ADV-2011-0860", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0860" + }, + { + "name": "SUSE-SR:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": 
"APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "SSA:2011-098-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "43900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43900" + }, + { + "name": "71256", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71256" + }, + { + "name": "43934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43934" + }, + { + "name": "46951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46951" + }, + { + "name": "FEDORA-2011-3836", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html" + }, + { + "name": "ADV-2011-0905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0905" + }, + { + "name": "DSA-2210", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2210" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "libtiff-thundercode-decoder-bo(66247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247" + }, + { + "name": "http://blackberry.com/btsc/KB27244", + "refsource": "CONFIRM", + "url": "http://blackberry.com/btsc/KB27244" + }, + { + "name": "1025257", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025257" + }, + { + "name": "20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", 
+ "url": "http://www.securityfocus.com/archive/1/517101/100/0/threaded" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2300", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2300" + }, + { + "name": "GLSA-201209-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + }, + { + "name": "ADV-2011-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0930" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-107", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-107" + }, + { + "name": "44135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44135" + }, + { + "name": "ADV-2011-0960", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0960" + }, + { + "name": "8165", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8165" + }, + { + "name": "MDVSA-2011:064", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064" + }, + { + "name": "ADV-2011-0859", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0859" + }, + { + "name": "44117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44117" + }, + { + "name": "RHSA-2011:0392", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0392.html" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "FEDORA-2011-3827", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "50726", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/50726" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1329.json b/2011/1xxx/CVE-2011-1329.json index 26c42ded0e9..31648b757aa 100644 --- a/2011/1xxx/CVE-2011-1329.json +++ b/2011/1xxx/CVE-2011-1329.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://digit.que.ne.jp/work/index.cgi?WalRack", - "refsource" : "CONFIRM", - "url" : "http://digit.que.ne.jp/work/index.cgi?WalRack" - }, - { - "name" : "http://digit.que.ne.jp/work/index.cgi?WalRack2", - "refsource" : "CONFIRM", - "url" : "http://digit.que.ne.jp/work/index.cgi?WalRack2" - }, - { - "name" : "http://jvn.jp/en/jp/JVN46984044/54827/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN46984044/54827/index.html" - }, - { - "name" : "JVN#46984044", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN46984044/index.html" - }, - { - "name" : "JVNDB-2011-000032", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000032" - }, - { - 
"name" : "48001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48001" - }, - { - "name" : "walrack-uploaded-files-code-exec(67641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#46984044", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN46984044/index.html" + }, + { + "name": "48001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48001" + }, + { + "name": "http://digit.que.ne.jp/work/index.cgi?WalRack2", + "refsource": "CONFIRM", + "url": "http://digit.que.ne.jp/work/index.cgi?WalRack2" + }, + { + "name": "walrack-uploaded-files-code-exec(67641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67641" + }, + { + "name": "JVNDB-2011-000032", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000032" + }, + { + "name": "http://jvn.jp/en/jp/JVN46984044/54827/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN46984044/54827/index.html" + }, + { + "name": "http://digit.que.ne.jp/work/index.cgi?WalRack", + "refsource": "CONFIRM", + "url": "http://digit.que.ne.jp/work/index.cgi?WalRack" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1499.json b/2011/1xxx/CVE-2011-1499.json index b53243c1767..f03ae5f7a5a 100644 --- a/2011/1xxx/CVE-2011-1499.json +++ b/2011/1xxx/CVE-2011-1499.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/07/9" - }, - { - "name" : "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/08/3" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493" - }, - { - "name" : 
"https://banu.com/bugzilla/show_bug.cgi?id=90", - "refsource" : "CONFIRM", - "url" : "https://banu.com/bugzilla/show_bug.cgi?id=90" - }, - { - "name" : "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4", - "refsource" : "CONFIRM", - "url" : "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=694658", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=694658" - }, - { - "name" : "DSA-2222", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2222" - }, - { - "name" : "44274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44274" - }, - { - "name" : "tinyproxy-aclc-sec-bypass(67256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694658", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658" + }, + { + "name": "44274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44274" + }, + { + "name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/08/3" + }, + { + "name": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4", + "refsource": "CONFIRM", + "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4" + }, + { + "name": "tinyproxy-aclc-sec-bypass(67256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256" + }, + { + "name": "https://banu.com/bugzilla/show_bug.cgi?id=90", + "refsource": "CONFIRM", + "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" + }, + { + "name": "DSA-2222", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2222" + }, + { + "name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/07/9" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1904.json b/2011/1xxx/CVE-2011-1904.json index ac27363fd23..3ec0af91a03 100644 --- a/2011/1xxx/CVE-2011-1904.json +++ b/2011/1xxx/CVE-2011-1904.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a \"command injection\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php", - "refsource" : "MISC", - "url" : "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php" - }, - { - "name" : "https://support.proofpoint.com/article.cgi?article_id=338413", - "refsource" : "MISC", - "url" : "https://support.proofpoint.com/article.cgi?article_id=338413" - }, - { - "name" : "VU#790980", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/790980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a \"command injection\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.proofpoint.com/article.cgi?article_id=338413", + "refsource": "MISC", + "url": "https://support.proofpoint.com/article.cgi?article_id=338413" + }, + { + "name": "VU#790980", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/790980" + }, + { + "name": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php", + "refsource": "MISC", + "url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5166.json b/2011/5xxx/CVE-2011-5166.json index 5a3f9e1decf..6cd9cf74902 100644 --- a/2011/5xxx/CVE-2011-5166.json +++ b/2011/5xxx/CVE-2011-5166.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110902 KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-09/0015.html" - }, - { - "name" : "17819", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17819" - }, - { - "name" : "17856", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17856" - }, - { - "name" : "17870", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17870" - }, - { - "name" : "18089", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18089" - }, - { - "name" : "75147", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/75147" - }, - { - "name" : "45907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45907" - }, - { - "name" : "knftpd-multiple-commands-bo(69557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, 
(20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45907" + }, + { + "name": "17856", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17856" + }, + { + "name": "20110902 KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0015.html" + }, + { + "name": "18089", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18089" + }, + { + "name": "knftpd-multiple-commands-bo(69557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69557" + }, + { + "name": "75147", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/75147" + }, + { + "name": "17819", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17819" + }, + { + "name": "17870", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17870" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5309.json b/2011/5xxx/CVE-2011-5309.json index f1bcc920587..7c0ae11c408 100644 --- a/2011/5xxx/CVE-2011-5309.json +++ b/2011/5xxx/CVE-2011-5309.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22826", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB22826", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22826" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3119.json b/2014/3xxx/CVE-2014-3119.json index 55209867161..be0eb35357f 100644 --- a/2014/3xxx/CVE-2014-3119.json +++ b/2014/3xxx/CVE-2014-3119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3161.json b/2014/3xxx/CVE-2014-3161.json index 71b0818d682..227ef00d401 100644 --- a/2014/3xxx/CVE-2014-3161.json +++ b/2014/3xxx/CVE-2014-3161.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=334204", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=334204" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=266396&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=266396&view=revision" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=266396&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=266396&view=revision" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=334204", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=334204" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3257.json b/2014/3xxx/CVE-2014-3257.json index 22e3e15918b..b246f915eea 100644 --- a/2014/3xxx/CVE-2014-3257.json +++ b/2014/3xxx/CVE-2014-3257.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3688.json b/2014/3xxx/CVE-2014-3688.json index 82e7f5980af..cfb65e1afa7 100644 --- a/2014/3xxx/CVE-2014-3688.json +++ b/2014/3xxx/CVE-2014-3688.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141113 Linux kernel: SCTP issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/13/8" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26b87c7881006311828bb0ab271a551a62dcceb4", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26b87c7881006311828bb0ab271a551a62dcceb4" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155745", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155745" - }, - { - "name" : "https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4" - }, - { - "name" : "DSA-3060", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3060" - }, - { - "name" : "HPSBGN03282", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142722544401658&w=2" - }, - { - "name" : "HPSBGN03285", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142722450701342&w=2" - }, - { - "name" : "RHSA-2015:0062", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0062.html" - }, - { - "name" : "RHSA-2015:0115", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0115.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:0652", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:0736", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" - }, - { - "name" : "USN-2417-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2417-1" - }, - { - "name" : "USN-2418-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2418-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141113 Linux kernel: SCTP issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/13/8" + }, + { + "name": "HPSBGN03285", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142722450701342&w=2" + }, + { + "name": "SUSE-SU-2015:0736", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" + }, + { + "name": "USN-2418-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2418-1" + }, + { + "name": "SUSE-SU-2015:0652", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" + }, + { + "name": "RHSA-2015:0062", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html" + }, + { + "name": "USN-2417-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2417-1" + }, + { + "name": "HPSBGN03282", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142722544401658&w=2" + }, + { + "name": "DSA-3060", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3060" + }, + { + "name": "https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4" + }, + { + "name": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26b87c7881006311828bb0ab271a551a62dcceb4", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26b87c7881006311828bb0ab271a551a62dcceb4" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155745", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155745" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" + }, + { + "name": "RHSA-2015:0115", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6326.json b/2014/6xxx/CVE-2014-6326.json index 16bae5957d5..45219a2d67a 100644 --- a/2014/6xxx/CVE-2014-6326.json +++ b/2014/6xxx/CVE-2014-6326.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"OWA XSS Vulnerability,\" a different vulnerability than CVE-2014-6325." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-075", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"OWA XSS Vulnerability,\" a different vulnerability than CVE-2014-6325." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-075", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6385.json b/2014/6xxx/CVE-2014-6385.json index 0c0df0e0dca..bbadad2d051 100644 --- a/2014/6xxx/CVE-2014-6385.json +++ b/2014/6xxx/CVE-2014-6385.json 
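Review bot: The one data change in this hunk, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org`, is buried in a rewrite of all 62 lines, because the new side also changes the key separator from `" : "` to `": "` and drops the final newline (`\ No newline at end of file`). Anyone auditing which CNA a record is attributed to has to compare parsed JSON instead of reading the text diff. I would keep the trailing newline and land the formatting normalisation in a commit of its own, so that an attribution change like this one shows up as a single-line edit. The same applies to the ASSIGNER changes in the CVE-2014-6546, CVE-2014-6728, CVE-2014-7509, CVE-2014-7770 and CVE-2014-8034 hunks.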
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R2, and 14.2 before 14.2R1 allows remote attackers to cause a denial of service (kernel crash and restart) via a crafted fragmented OSPFv3 packet with an IPsec Authentication Header (AH)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668" - }, - { - "name" : "72072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos 11.4 before 
11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R2, and 14.2 before 14.2R1 allows remote attackers to cause a denial of service (kernel crash and restart) via a crafted fragmented OSPFv3 packet with an IPsec Authentication Header (AH)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72072" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6546.json b/2014/6xxx/CVE-2014-6546.json index ea79cc5ae4c..0b58163c6ba 100644 --- a/2014/6xxx/CVE-2014-6546.json +++ b/2014/6xxx/CVE-2014-6546.json 
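Review bot: The `reference_data` array is emitted in a different order here (the BID entry `72072` now precedes the Juniper CONFIRM entry) although neither entry's content changed and ASSIGNER stays `cve@mitre.org`. The ordering appears not to be stable between serializer runs (inferred from the diff, the generator is not shown), which creates churn for anyone mirroring or diffing these records. Emitting references in a deterministic order, for example sorted by `refsource` and then `name`, would keep no-op syncs out of the history. The CVE-2014-7154 and CVE-2016-2561 hunks show the same reordering with no other data change.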
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and 
availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70453" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6728.json b/2014/6xxx/CVE-2014-6728.json index 88080f39163..7d475891791 100644 --- a/2014/6xxx/CVE-2014-6728.json +++ b/2014/6xxx/CVE-2014-6728.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#855473", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/855473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ThinkPal (aka com.mythinkpalapp) application 1.6.3 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#855473", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/855473" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7154.json b/2014/7xxx/CVE-2014-7154.json index 359ae817f5d..7abef5147ab 100644 --- a/2014/7xxx/CVE-2014-7154.json +++ b/2014/7xxx/CVE-2014-7154.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-104.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-104.html" - }, - { - "name" : "DSA-3041", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3041" - }, - { - "name" : "FEDORA-2014-12000", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html" - }, - { - "name" : "FEDORA-2014-12036", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html" - }, - { - "name" : "GLSA-201412-42", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201412-42.xml" - }, - { - "name" : "openSUSE-SU-2014:1279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:1281", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" - }, - { - "name" : "1030887", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030887" - }, - { - "name" : "61501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61501" - }, - { - "name" : "61890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61501" + }, + { + "name": "openSUSE-SU-2014:1281", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" + }, + { + "name": "FEDORA-2014-12000", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html" + }, + { + "name": "openSUSE-SU-2014:1279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" + }, + { + "name": "FEDORA-2014-12036", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html" + }, + { + "name": "DSA-3041", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3041" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-104.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-104.html" + }, + { + "name": "61890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61890" + }, + { + "name": "GLSA-201412-42", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-42.xml" + }, + { + "name": "1030887", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030887" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7509.json b/2014/7xxx/CVE-2014-7509.json index c9c04196a42..d6794beb4e7 100644 --- a/2014/7xxx/CVE-2014-7509.json +++ b/2014/7xxx/CVE-2014-7509.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#507697", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/507697" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The A Very Short History of Japan 
(aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#507697", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/507697" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7770.json b/2014/7xxx/CVE-2014-7770.json index 8fb19c1a72b..1c9791eb1f1 100644 --- a/2014/7xxx/CVE-2014-7770.json +++ b/2014/7xxx/CVE-2014-7770.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#205769", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/205769" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Lagu POP Indonesia 
(aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#205769", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/205769" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8034.json b/2014/8xxx/CVE-2014-8034.json index e0388df743d..65d70f96b75 100644 --- a/2014/8xxx/CVE-2014-8034.json +++ b/2014/8xxx/CVE-2014-8034.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36990", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36990" - }, - { - "name" : "20150109 Cisco WebEx Meetings Server User Enumeration Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034" - }, - { - "name" : "71978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71978" - }, - { - "name" : "1031543", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031543" - }, - { - "name" : "cisco-webex-cve20148034-info-disc(100552)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/100552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150109 Cisco WebEx Meetings Server User Enumeration Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034" + }, + { + "name": "cisco-webex-cve20148034-info-disc(100552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100552" + }, + { + "name": "71978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71978" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36990", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36990" + }, + { + "name": "1031543", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031543" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2561.json b/2016/2xxx/CVE-2016-2561.json index ecc16c955ca..80687228b33 100644 --- a/2016/2xxx/CVE-2016-2561.json +++ b/2016/2xxx/CVE-2016-2561.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775" - }, - { - "name" : 
"https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-12/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-12/" - }, - { - "name" : "DSA-3627", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3627" - }, - { - "name" : "FEDORA-2016-65da02b95c", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html" - }, - { - "name" : "FEDORA-2016-02ee5b4002", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html" - }, - { - "name" : "openSUSE-SU-2016:0663", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:0666", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-65da02b95c", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-12/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-12/" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e" + }, + { + "name": "DSA-3627", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3627" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372", + "refsource": "CONFIRM", + "url": 
"https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372" + }, + { + "name": "FEDORA-2016-02ee5b4002", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f" + }, + { + "name": "openSUSE-SU-2016:0666", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html" + }, + { + "name": "openSUSE-SU-2016:0663", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2626.json b/2016/2xxx/CVE-2016-2626.json index 7735dbf4785..562adba4825 100644 --- a/2016/2xxx/CVE-2016-2626.json +++ b/2016/2xxx/CVE-2016-2626.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-2626",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-2626",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2860.json b/2016/2xxx/CVE-2016-2860.json
index 225500db81c..bd000ef5bf2 100644
--- a/2016/2xxx/CVE-2016-2860.json
+++ b/2016/2xxx/CVE-2016-2860.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available", - "refsource" : "MLIST", - "url" : "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html" - }, - { - "name" : "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0", - "refsource" : "CONFIRM", - "url" : "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0" - }, - { - "name" : "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt" - }, - { - "name" : 
"https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17", - "refsource" : "CONFIRM", - "url" : "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17" - }, - { - "name" : "DSA-3569", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt", + "refsource": "CONFIRM", + "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt" + }, + { + "name": "DSA-3569", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3569" + }, + { + "name": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17", + "refsource": "CONFIRM", + "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17" + }, + { + "name": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0", + "refsource": "CONFIRM", + "url": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0" + }, + { + "name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available", + "refsource": "MLIST", + "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2988.json b/2016/2xxx/CVE-2016-2988.json index 301254d5004..898acb76e16 100644 --- a/2016/2xxx/CVE-2016-2988.json 
+++ b/2016/2xxx/CVE-2016-2988.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988781", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative 
access by leveraging multiple simultaneous logins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988781", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988781" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6184.json b/2016/6xxx/CVE-2016-6184.json index fb71fcf6dd5..777e721150f 100644 --- a/2016/6xxx/CVE-2016-6184.json +++ b/2016/6xxx/CVE-2016-6184.json 
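Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, even though this hunk reassigns the record to `psirt@us.ibm.com` and the description names the product and the fixed releases (6.4.x before 6.4.3.4, 7.1.x before 7.1.6). Inventory or scanner tooling that matches on the structured fields rather than the free text will not associate this record with the IBM product, so the vendor and product should be filled in, starting with `"vendor_name": "IBM"`. The description also spells the product `Tivoli Storage Manger`; `Tivoli Storage Manager` is presumably intended.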
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6183." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before 
CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6183." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18043.json b/2017/18xxx/CVE-2017-18043.json index 2ea48287a8f..fdbbdc3b176 100644 --- a/2017/18xxx/CVE-2017-18043.json +++ b/2017/18xxx/CVE-2017-18043.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180119 CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/01/19/1" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854", - "refsource" : "CONFIRM", - "url" : "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854" - }, - { - "name" : "DSA-4213", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4213" - }, - { - "name" : "USN-3575-1", - "refsource" : 
"UBUNTU", - "url" : "https://usn.ubuntu.com/3575-1/" - }, - { - "name" : "102759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "DSA-4213", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4213" + }, + { + "name": "[oss-security] 20180119 CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/01/19/1" + }, + { + "name": "USN-3575-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3575-1/" + }, + { + "name": "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854", + "refsource": "CONFIRM", + "url": "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854" + }, + { + "name": "102759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102759" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18142.json b/2017/18xxx/CVE-2017-18142.json index 8ea3a5767ec..d69cd0e5b30 100644 --- a/2017/18xxx/CVE-2017-18142.json +++ b/2017/18xxx/CVE-2017-18142.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9650, MDM9655, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, while processing the IMS SIP username, a buffer overflow can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9650, MDM9655, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, while processing the IMS SIP username, a buffer overflow can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1039.json b/2017/1xxx/CVE-2017-1039.json index 2efaaf9a7d7..844d9c9be02 100644 --- a/2017/1xxx/CVE-2017-1039.json +++ b/2017/1xxx/CVE-2017-1039.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1039",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1039",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1140.json b/2017/1xxx/CVE-2017-1140.json
index 7f453b04c1d..f9568e709cc 100644
--- a/2017/1xxx/CVE-2017-1140.json
+++ b/2017/1xxx/CVE-2017-1140.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Process Manager Advanced", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "8.5.0.1" - }, - { - "version_value" : "8.5.5" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.5.6" - }, - { - "version_value" : "8.5.0.2" - }, - { - "version_value" : "8.5.7" - }, - { - "version_value" : "8.5.7.CF201609" - }, - { - "version_value" : "8.5.6.1" - }, - { - "version_value" : "8.5.6.2" - }, - { - "version_value" : "8.5.7.CF201606" - }, - { - "version_value" : "8.5.7.CF201612" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Process Manager Advanced", + "version": { + "version_data": [ + { + "version_value": "8.0" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.5" + }, + { + "version_value": "8.5.0.1" + }, + { + "version_value": "8.5.5" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.5.6" + }, + { + "version_value": "8.5.0.2" + }, + { + "version_value": "8.5.7" + }, + { + "version_value": "8.5.7.CF201609" + }, + { + "version_value": "8.5.6.1" + }, + { + "version_value": "8.5.6.2" + }, + { + "version_value": "8.5.7.CF201606" + }, + { + "version_value": "8.5.7.CF201612" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121905", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121905" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999133", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999133" - }, - { - "name" : "97322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121905", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121905" + }, + { + "name": "97322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97322" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999133", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999133" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1733.json b/2017/1xxx/CVE-2017-1733.json index 85a55f0e46d..30289d4059d 100644 --- a/2017/1xxx/CVE-2017-1733.json +++ b/2017/1xxx/CVE-2017-1733.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-1733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "L", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "4.000", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-1733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015243", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015243" - }, - { - "name" : "103736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103736" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "L", + "C": "L", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "4.000", + "UI": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103736" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22015243", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22015243" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5252.json b/2017/5xxx/CVE-2017-5252.json index 3c2c9fd9c1e..59dcf7a0214 100644 --- a/2017/5xxx/CVE-2017-5252.json +++ b/2017/5xxx/CVE-2017-5252.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5252",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5252",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5495.json b/2017/5xxx/CVE-2017-5495.json
index 372d872ba72..6488cf7cd03 100644
--- a/2017/5xxx/CVE-2017-5495.json
+++ b/2017/5xxx/CVE-2017-5495.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://savannah.nongnu.org/forum/forum.php?forum_id=8783", - "refsource" : "CONFIRM", - "url" : "http://savannah.nongnu.org/forum/forum.php?forum_id=8783" - }, - { - "name" : "https://github.com/freerangerouting/frr/pull/63", - "refsource" : "CONFIRM", - "url" : "https://github.com/freerangerouting/frr/pull/63" - }, - { - "name" : "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html", - "refsource" : "CONFIRM", - "url" : "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html" - }, - { - "name" : "RHSA-2017:0794", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0794.html" - }, - { - "name" : "95745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95745" - }, - { - "name" : "1037688", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. 
Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0794", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" + }, + { + "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783", + "refsource": "CONFIRM", + "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783" + }, + { + "name": "https://github.com/freerangerouting/frr/pull/63", + "refsource": "CONFIRM", + "url": "https://github.com/freerangerouting/frr/pull/63" + }, + { + "name": "1037688", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037688" + }, + { + "name": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html", + "refsource": "CONFIRM", + "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html" + }, + { + "name": "95745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95745" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5501.json b/2017/5xxx/CVE-2017-5501.json index e7d31a2e24e..d3aa0832428 100644 --- a/2017/5xxx/CVE-2017-5501.json +++ b/2017/5xxx/CVE-2017-5501.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5501",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5501",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/",
- "refsource" : "MISC",
- "url" : "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/"
- },
- {
- "name" : "95666",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95666"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/",
+ "refsource": "MISC",
+ "url": "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/"
+ },
+ {
+ "name": "95666",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95666"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5581.json b/2017/5xxx/CVE-2017-5581.json
index 6043973a8b6..a670d389ab7 100644
--- a/2017/5xxx/CVE-2017-5581.json
+++ b/2017/5xxx/CVE-2017-5581.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5581",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5581",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/01/22/1"
- },
- {
- "name" : "[oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/01/25/6"
- },
- {
- "name" : "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"
- },
- {
- "name" : "https://github.com/TigerVNC/tigervnc/pull/399",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/TigerVNC/tigervnc/pull/399"
- },
- {
- "name" : "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"
- },
- {
- "name" : "GLSA-201702-19",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201702-19"
- },
- {
- "name" : "RHSA-2017:0630",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2017-0630.html"
- },
- {
- "name" : "RHSA-2017:2000",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2000"
- },
- {
- "name" : "95789",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95789"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/22/1"
+ },
+ {
+ "name": "RHSA-2017:0630",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-0630.html"
+ },
+ {
+ "name": "RHSA-2017:2000",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2000"
+ },
+ {
+ "name": "GLSA-201702-19",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201702-19"
+ },
+ {
+ "name": "https://github.com/TigerVNC/tigervnc/pull/399",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/TigerVNC/tigervnc/pull/399"
+ },
+ {
+ "name": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"
+ },
+ {
+ "name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"
+ },
+ {
+ "name": "[oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/25/6"
+ },
+ {
+ "name": "95789",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95789"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5666.json b/2017/5xxx/CVE-2017-5666.json
index 6ed5f698f61..1b9103fbdef 100644
--- a/2017/5xxx/CVE-2017-5666.json
+++ b/2017/5xxx/CVE-2017-5666.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5666",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5666",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/",
- "refsource" : "MISC",
- "url" : "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/"
- },
- {
- "name" : "95908",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95908"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/",
+ "refsource": "MISC",
+ "url": "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/"
+ },
+ {
+ "name": "95908",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95908"
+ }
+ ]
+ }
+}
\ No newline at end of file