diff --git a/2006/0xxx/CVE-2006-0707.json b/2006/0xxx/CVE-2006-0707.json index 1e971d3cc5a..2b2b52d8d27 100644 --- a/2006/0xxx/CVE-2006-0707.json +++ b/2006/0xxx/CVE-2006-0707.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=391800", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=391800" - }, - { - "name" : "16641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16641" - }, - { - "name" : "ADV-2006-0571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0571" - }, - { - "name" : "18858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18858" - }, - { - "name" : "pyblosxom-pathinfo-information-disclosure(24730)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16641" + }, + { + "name": "pyblosxom-pathinfo-information-disclosure(24730)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24730" + }, + { + "name": "ADV-2006-0571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0571" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=391800", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=391800" + }, + { + "name": "18858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18858" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0762.json b/2006/0xxx/CVE-2006-0762.json index 64a893bd33b..05a1338fdc9 100644 --- a/2006/0xxx/CVE-2006-0762.json +++ b/2006/0xxx/CVE-2006-0762.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060213 Folder Guard password protection bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424855/100/0/threaded" - }, - { - "name" : "20060213 Re: Folder Guard password protection bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424905/100/0/threaded" - }, - { - "name" : "folderguard-fguard-bypass-authentication(24725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060213 Re: Folder Guard password protection bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424905/100/0/threaded" + }, + { + "name": "folderguard-fguard-bypass-authentication(24725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24725" + }, + { + "name": "20060213 Folder Guard password protection bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424855/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0885.json b/2006/0xxx/CVE-2006-0885.json index 465a0cc18a4..3240dd7e502 100644 --- a/2006/0xxx/CVE-2006-0885.json +++ b/2006/0xxx/CVE-2006-0885.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060221 [myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425583" - }, - { - "name" : "http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html" - }, - { - "name" : "16740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16740" - }, - { - "name" : "ADV-2006-0685", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0685" - }, - { - "name" : "23400", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23400" - }, - { - "name" : "18981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18981" - }, - { - "name" : "cutenews-shownews-xss(24835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0685", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0685" + }, + { + "name": "http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html" + }, + { + "name": "23400", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23400" + }, + { + "name": "18981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18981" + }, + { + "name": "20060221 [myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425583" + }, + { + "name": "cutenews-shownews-xss(24835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24835" + }, + { + "name": "16740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16740" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0976.json b/2006/0xxx/CVE-2006-0976.json index 5c5b4da2222..7b42fe45713 100644 --- a/2006/0xxx/CVE-2006-0976.json +++ b/2006/0xxx/CVE-2006-0976.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060225 NSA Group Security Advisory NSAG-¹201-25.02.2006 Vulnerability SPiD v1.3.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426073/100/0/threaded" - }, - { - "name" : "http://www.nsag.ru/vuln/955.html", - "refsource" : "MISC", - "url" : "http://www.nsag.ru/vuln/955.html" - }, - { - "name" : "16822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16822" - }, - { - "name" : "ADV-2006-0766", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0766" - }, - { - "name" : "19033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19033" - }, - { - "name" : "spid-scanlanginsert-file-include(24955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "spid-scanlanginsert-file-include(24955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24955" + }, + { + "name": "ADV-2006-0766", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0766" + }, + { + "name": "http://www.nsag.ru/vuln/955.html", + "refsource": "MISC", + "url": "http://www.nsag.ru/vuln/955.html" + }, + { + "name": "16822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16822" + }, + { + "name": "19033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19033" + }, + { + "name": "20060225 NSA Group Security Advisory NSAG-¹201-25.02.2006 Vulnerability SPiD v1.3.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426073/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1086.json b/2006/1xxx/CVE-2006-1086.json index c1ddba9b485..d75f42d728d 100644 --- a/2006/1xxx/CVE-2006-1086.json +++ b/2006/1xxx/CVE-2006-1086.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1086", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1083. Reason: This candidate is a duplicate of CVE-2006-1083. Notes: All CVE users should reference CVE-2006-1083 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-1086", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1083. Reason: This candidate is a duplicate of CVE-2006-1083. Notes: All CVE users should reference CVE-2006-1083 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1273.json b/2006/1xxx/CVE-2006-1273.json index 4e1a7bff75e..fc393f338c3 100644 --- a/2006/1xxx/CVE-2006-1273.json +++ b/2006/1xxx/CVE-2006-1273.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that \"It is likely the reporter was running the IE Tab extension,\" and Mozilla also confirmed that this is not an issue in Firefox itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060317 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427977/100/0/threaded" - }, - { - "name" : "20060318 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428159/100/0/threaded" - }, - { - "name" : "31833", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31833" - }, - { - "name" : "593", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that \"It is likely the reporter was running the IE Tab extension,\" and Mozilla also confirmed that this is not an issue in Firefox itself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31833", + "refsource": "OSVDB", + "url": "http://osvdb.org/31833" + }, + { + "name": "20060318 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428159/100/0/threaded" + }, + { + "name": "593", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/593" + }, + { + "name": "20060317 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427977/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1646.json b/2006/1xxx/CVE-2006-1646.json index d2666ff620f..64937485495 100644 --- a/2006/1xxx/CVE-2006-1646.json +++ b/2006/1xxx/CVE-2006-1646.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" - }, - { - "name" : "http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html", - "refsource" : "CONFIRM", - "url" : "http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html" - }, - { - "name" : "NetBSD-SA2006-003", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-003.txt.asc" - }, - { - "name" : "19463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" + }, + { + "name": "NetBSD-SA2006-003", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-003.txt.asc" + }, + { + "name": "http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html", + "refsource": "CONFIRM", + "url": "http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" + }, + { + "name": "19463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19463" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4717.json b/2006/4xxx/CVE-2006-4717.json index b83858a73db..3361c7c1ca9 100644 --- a/2006/4xxx/CVE-2006-4717.json +++ b/2006/4xxx/CVE-2006-4717.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/83064", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/83064" - }, - { - "name" : "19920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19920" - }, - { - "name" : "ADV-2006-3530", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3530" - }, - { - "name" : "28623", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28623" - }, - { - "name" : "21811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19920" + }, + { + "name": "ADV-2006-3530", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3530" + }, + { + "name": "21811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21811" + }, + { + "name": "http://drupal.org/node/83064", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/83064" + }, + { + "name": "28623", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28623" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5618.json b/2006/5xxx/CVE-2006-5618.json index c4265bf9195..9f54e5182cd 100644 --- a/2006/5xxx/CVE-2006-5618.json +++ b/2006/5xxx/CVE-2006-5618.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2677", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2677" - }, - { - "name" : "20789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20789" - }, - { - "name" : "ADV-2006-4259", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4259" - }, - { - "name" : "22610", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22610" - }, - { - "name" : "netref-catforaff-file-include(29889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4259", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4259" + }, + { + "name": "netref-catforaff-file-include(29889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29889" + }, + { + "name": "2677", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2677" + }, + { + "name": "20789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20789" + }, + { + "name": "22610", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22610" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5882.json b/2006/5xxx/CVE-2006-5882.json index 3639d18e4e7..9c23a9401d4 100644 --- a/2006/5xxx/CVE-2006-5882.json +++ b/2006/5xxx/CVE-2006-5882.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/mokb/MOKB-11-11-2006.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/mokb/MOKB-11-11-2006.html" - }, - { - "name" : "http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper", - "refsource" : "CONFIRM", - "url" : "http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-6VGNHW", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-6VGNHW" - }, - { - "name" : "VU#209376", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/209376" - }, - { - "name" : "ADV-2006-4460", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4460" - }, - { - "name" : "ADV-2006-4459", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4459" - }, - { - "name" : "1017212", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017212" - }, - { - "name" : "22831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22831" - }, - { - "name" : "broadcom-bcmwl5-bo(30202)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#209376", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/209376" + }, + { + "name": "1017212", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017212" + }, + { + "name": "broadcom-bcmwl5-bo(30202)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30202" + }, + { + "name": "ADV-2006-4460", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4460" + }, + { + "name": "ADV-2006-4459", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4459" + }, + { + "name": "http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper", + "refsource": "CONFIRM", + "url": "http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-6VGNHW", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-6VGNHW" + }, + { + "name": "http://projects.info-pull.com/mokb/MOKB-11-11-2006.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/mokb/MOKB-11-11-2006.html" + }, + { + "name": "22831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22831" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5954.json b/2006/5xxx/CVE-2006-5954.json index f5cfd2710c0..245a1ae8ae5 100644 --- a/2006/5xxx/CVE-2006-5954.json +++ b/2006/5xxx/CVE-2006-5954.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2780", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2780" - }, - { - "name" : "21088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21088" - }, - { - "name" : "ADV-2006-4517", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4517" - }, - { - "name" : "30411", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30411" - }, - { - "name" : "22901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22901" - }, - { - "name" : "netvios-page-sql-injection(30277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21088" + }, + { + "name": "30411", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30411" + }, + { + "name": "22901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22901" + }, + { + "name": "2780", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2780" + }, + { + "name": "netvios-page-sql-injection(30277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30277" + }, + { + "name": "ADV-2006-4517", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4517" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5998.json b/2006/5xxx/CVE-2006-5998.json index 395c8f68fbc..eac13a407f0 100644 --- a/2006/5xxx/CVE-2006-5998.json +++ b/2006/5xxx/CVE-2006-5998.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5998", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5998", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0326.json b/2010/0xxx/CVE-2010-0326.json index 2f8b4de2852..64a3ffd8e14 100644 --- a/2010/0xxx/CVE-2010-0326.json +++ b/2010/0xxx/CVE-2010-0326.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/devlog/2.9.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/devlog/2.9.2/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - }, - { - "name" : "38164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/devlog/2.9.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + }, + { + "name": "38164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38164" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0797.json b/2010/0xxx/CVE-2010-0797.json index 1c8700e8d26..686da2cc73e 100644 --- a/2010/0xxx/CVE-2010-0797.json +++ b/2010/0xxx/CVE-2010-0797.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/t3blog/0.8.0/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/t3blog/0.8.0/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/" - }, - { - "name" : "38030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38030" - }, - { - "name" : "38388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38030" + }, + { + "name": "38388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38388" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/" + }, + { + "name": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2521.json b/2010/2xxx/CVE-2010-2521.json index 43c6b09c8f4..39e6f1f8445 100644 --- a/2010/2xxx/CVE-2010-2521.json +++ b/2010/2xxx/CVE-2010-2521.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[oss-security] 20100707 CVE request - kernel: nfsd4: bug in read_buf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/07/1" - }, - { - "name" : "[oss-security] 20100708 Re: CVE request - kernel: nfsd4: bug in read_buf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/09/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=612028", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=612028" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "DSA-2094", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2094" - }, - { - "name" : "MDVSA-2010:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" - }, - { - "name" : "MDVSA-2011:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name" : "RHSA-2010:0606", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0606.html" - }, - { - "name" : "RHSA-2010:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0610.html" - }, - { - "name" : "RHSA-2010:0893", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0893.html" - }, - { - "name" : "RHSA-2010:0907", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0907.html" - }, - { - "name" : "SUSE-SA:2010:040", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "42249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42249" - }, - { - "name" : "1024286", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024286" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - }, - { - "name" : "ADV-2010-3050", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html" + }, + { + "name": "RHSA-2010:0893", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0893.html" + }, + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "[oss-security] 20100707 CVE request - kernel: nfsd4: bug in read_buf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/07/1" + }, + { + "name": "RHSA-2010:0606", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0606.html" + }, + { + "name": "MDVSA-2010:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + }, + { + "name": "RHSA-2010:0907", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0907.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=612028", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=612028" + }, + { + "name": "SUSE-SA:2010:040", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" + }, + { + "name": "MDVSA-2011:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "DSA-2094", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2094" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc" + }, + { + "name": "1024286", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024286" + }, + { + "name": "42249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42249" + }, + { + "name": "ADV-2010-3050", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3050" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6" + }, + { + "name": "[oss-security] 20100708 Re: CVE request - kernel: nfsd4: bug in read_buf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/09/2" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3464.json b/2010/3xxx/CVE-2010-3464.json index 654e3af126d..081751caf60 100644 --- a/2010/3xxx/CVE-2010-3464.json +++ b/2010/3xxx/CVE-2010-3464.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100915 XSRF (CSRF) in SantaFox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513738/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html" - }, - { - "name" : "41465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt" + }, + { + "name": "41465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41465" + }, + { + "name": "20100915 XSRF (CSRF) in SantaFox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513738/100/0/threaded" + }, + { + "name": "http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3623.json b/2010/3xxx/CVE-2010-3623.json index 35786b5303b..22b1f38ed28 100644 --- a/2010/3xxx/CVE-2010-3623.json +++ b/2010/3xxx/CVE-2010-3623.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14129", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:14129", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14129" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3768.json b/2010/3xxx/CVE-2010-3768.json index 4395ca09621..c56a23d7826 100644 --- a/2010/3xxx/CVE-2010-3768.json +++ b/2010/3xxx/CVE-2010-3768.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=527276", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=527276" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=660420", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=660420" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100124650", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100124650" - }, - { - "name" : "FEDORA-2010-18773", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" - }, - { - "name" : "FEDORA-2010-18775", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" - }, - { - "name" : "FEDORA-2010-18777", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html" - }, - { - "name" : "FEDORA-2010-18778", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html" - }, - { - "name" : "FEDORA-2010-18890", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" - }, - { - "name" : "FEDORA-2010-18920", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" - }, - { - "name" : "MDVSA-2010:251", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" - }, - { - "name" : "MDVSA-2010:258", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258" - }, - { - "name" : "RHSA-2010:0966", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html" - }, - { - "name" : "RHSA-2010:0969", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0969.html" - }, - { - "name" : "SUSE-SA:2011:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" - }, - { - "name" : "USN-1019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1019-1" - }, - { - "name" : "USN-1020-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1020-1" - }, - { - "name" : "45352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45352" - }, - { - "name" : "oval:org.mitre.oval:def:12533", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533" - }, - { - "name" : "1024846", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024846" - }, - { - "name" : "1024848", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024848" - }, - { - "name" : "42716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42716" - }, - { - "name" : "42818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42818" - }, - { - "name" : "ADV-2011-0030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" + }, + { + "name": "FEDORA-2010-18775", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" + }, + { + "name": "oval:org.mitre.oval:def:12533", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533" + }, + { + "name": "MDVSA-2010:258", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258" + }, + { + "name": "MDVSA-2010:251", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100124650", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100124650" + }, + { + "name": "RHSA-2010:0966", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html" + }, + { + "name": "45352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45352" + }, + { + "name": "USN-1019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1019-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=660420", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420" + }, + { + "name": "RHSA-2010:0969", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html" + }, + { + "name": "42818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42818" + }, + { + "name": "1024846", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024846" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html" + }, + { + "name": "FEDORA-2010-18778", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=527276", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=527276" + }, + { + "name": "1024848", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024848" + }, + { + "name": "FEDORA-2010-18920", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" + }, + { + "name": "FEDORA-2010-18777", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html" + }, + { + "name": "ADV-2011-0030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0030" + }, + { + "name": "FEDORA-2010-18890", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" + }, + { + "name": "42716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42716" + }, + { + "name": "USN-1020-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1020-1" + }, + { + "name": "FEDORA-2010-18773", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4681.json b/2010/4xxx/CVE-2010-4681.json index 254ff2c54c2..3768339e3ea 100644 --- a/2010/4xxx/CVE-2010-4681.json +++ b/2010/4xxx/CVE-2010-4681.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" - }, - { - "name" : "45767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45767" - }, - { - "name" : "1024963", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024963" - }, - { - "name" : "42931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42931" - }, - { - "name" : "asa-smtpinspection-security-bypass(64607)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024963", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024963" + }, + { + "name": "asa-smtpinspection-security-bypass(64607)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64607" + }, + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" + }, + { + "name": "45767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45767" + }, + { + "name": "42931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42931" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4738.json b/2010/4xxx/CVE-2010-4738.json index 36595739c81..fe074ab6f52 100644 --- a/2010/4xxx/CVE-2010-4738.json +++ b/2010/4xxx/CVE-2010-4738.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt" - }, - { - "name" : "45211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45211" - }, - { - "name" : "45212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45212" - }, - { - "name" : "69627", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69627" - }, - { - "name" : "69628", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69628" - }, - { - "name" : "42515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42515" - }, - { - "name" : "8080", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8080" - }, - { - "name" : "8082", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8082" - }, - { - "name" : "8088", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45212" + }, + { + "name": "69628", + "refsource": "OSVDB", + "url": "http://osvdb.org/69628" + }, + { + "name": "http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt" + }, + { + "name": "45211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45211" + }, + { + "name": "42515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42515" + }, + { + "name": "8080", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8080" + }, + { + "name": "8082", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8082" + }, + { + "name": "69627", + "refsource": "OSVDB", + "url": "http://osvdb.org/69627" + }, + { + "name": "8088", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8088" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4753.json b/2010/4xxx/CVE-2010-4753.json index e0904984d85..2f66100831a 100644 --- a/2010/4xxx/CVE-2010-4753.json +++ b/2010/4xxx/CVE-2010-4753.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/168/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/168/45/" - }, - { - "name" : "http://www.lightneasy.org/punbb/viewtopic.php?id=1207", - "refsource" : "CONFIRM", - "url" : "http://www.lightneasy.org/punbb/viewtopic.php?id=1207" - }, - { - "name" : "42391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://holisticinfosec.org/content/view/168/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/168/45/" + }, + { + "name": "http://www.lightneasy.org/punbb/viewtopic.php?id=1207", + "refsource": "CONFIRM", + "url": "http://www.lightneasy.org/punbb/viewtopic.php?id=1207" + }, + { + "name": "42391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42391" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10054.json b/2014/10xxx/CVE-2014-10054.json index 2a83ae94790..b56fe0cdcbb 100644 --- a/2014/10xxx/CVE-2014-10054.json +++ b/2014/10xxx/CVE-2014-10054.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-10054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper access control in BTSOC." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-10054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in BTSOC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3942.json b/2014/3xxx/CVE-2014-3942.json index 84614bf49d7..e16781dc196 100644 --- a/2014/3xxx/CVE-2014-3942.json +++ b/2014/3xxx/CVE-2014-3942.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140603 Re: CVE ID request: typo3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/03/2" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/" - }, - { - "name" : "DSA-2942", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2942" - }, - { - "name" : "openSUSE-SU-2014:0813", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0813", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" + }, + { + "name": "DSA-2942", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2942" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/" + }, + { + "name": "[oss-security] 20140603 Re: CVE ID request: typo3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4193.json b/2014/4xxx/CVE-2014-4193.json index 4fe250db30a..07fe085b227 100644 --- a/2014/4xxx/CVE-2014-4193.json +++ b/2014/4xxx/CVE-2014-4193.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dualec.org/", - "refsource" : "MISC", - "url" : "http://dualec.org/" - }, - { - "name" : "http://dualec.org/DualECTLS.pdf", - "refsource" : "MISC", - "url" : "http://dualec.org/DualECTLS.pdf" - }, - { - "name" : "68191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68191" + }, + { + "name": "http://dualec.org/DualECTLS.pdf", + "refsource": "MISC", + "url": "http://dualec.org/DualECTLS.pdf" + }, + { + "name": "http://dualec.org/", + "refsource": "MISC", + "url": "http://dualec.org/" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4319.json b/2014/4xxx/CVE-2014-4319.json index 501de952e1d..2853f10ff61 100644 --- a/2014/4xxx/CVE-2014-4319.json +++ b/2014/4xxx/CVE-2014-4319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4435.json b/2014/4xxx/CVE-2014-4435.json index 9b1e86e03ce..e9aa0f5f7b1 100644 --- a/2014/4xxx/CVE-2014-4435.json +++ b/2014/4xxx/CVE-2014-4435.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"iCloud Find My Mac\" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "70638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70638" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144435-info-disc(97636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"iCloud Find My Mac\" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20144435-info-disc(97636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97636" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "70638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70638" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4584.json b/2014/4xxx/CVE-2014-4584.json index 15dc273a5ca..49138706de9 100644 --- a/2014/4xxx/CVE-2014-4584.json +++ b/2014/4xxx/CVE-2014-4584.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8471.json b/2014/8xxx/CVE-2014-8471.json index c62f7a46c44..620e004fb7f 100644 --- a/2014/8xxx/CVE-2014-8471.json +++ b/2014/8xxx/CVE-2014-8471.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx" - }, - { - "name" : "70919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70919" - }, - { - "name" : "1031214", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031214" - }, - { - "name" : "ca-cloud-cve20148471-replay(98534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70919" + }, + { + "name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx", + "refsource": "CONFIRM", + "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx" + }, + { + "name": "ca-cloud-cve20148471-replay(98534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98534" + }, + { + "name": "1031214", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031214" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8663.json b/2014/8xxx/CVE-2014-8663.json index cb951d2f0ac..a8ed8421837 100644 --- a/2014/8xxx/CVE-2014-8663.json +++ b/2014/8xxx/CVE-2014-8663.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "http://service.sap.com/sap/support/notes/0001965819", - "refsource" : "MISC", - "url" : "http://service.sap.com/sap/support/notes/0001965819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.sap.com/sap/support/notes/0001965819", + "refsource": "MISC", + "url": "http://service.sap.com/sap/support/notes/0001965819" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8682.json b/2014/8xxx/CVE-2014-8682.json index e705bedff74..0f015f20fd4 100644 --- a/2014/8xxx/CVE-2014-8682.json +++ b/2014/8xxx/CVE-2014-8682.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533995/100/0/threaded" - }, - { - "name" : "35238", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35238" - }, - { - "name" : "20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/33" - }, - { - "name" : "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html" - }, - { - "name" : "http://gogs.io/docs/intro/change_log.html", - "refsource" : "CONFIRM", - "url" : "http://gogs.io/docs/intro/change_log.html" - }, - { - "name" : "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d", - "refsource" : "CONFIRM", - "url" : "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d" - }, - { - "name" : "71187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71187" - }, - { - "name" : "gogs-cve20148682-sql-injection(98694)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35238", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35238" + }, + { + "name": "gogs-cve20148682-sql-injection(98694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98694" + }, + { + "name": "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html" + }, + { + "name": "20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/33" + }, + { + "name": "http://gogs.io/docs/intro/change_log.html", + "refsource": "CONFIRM", + "url": "http://gogs.io/docs/intro/change_log.html" + }, + { + "name": "20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533995/100/0/threaded" + }, + { + "name": "71187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71187" + }, + { + "name": "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d", + "refsource": "CONFIRM", + "url": "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8736.json b/2014/8xxx/CVE-2014-8736.json index 2c9d0f09c1d..cd103b81727 100644 --- a/2014/8xxx/CVE-2014-8736.json +++ b/2014/8xxx/CVE-2014-8736.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2357295", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2357295" - }, - { - "name" : "https://www.drupal.org/node/2357279", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2357279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2357295", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2357295" + }, + { + "name": "https://www.drupal.org/node/2357279", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2357279" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9008.json b/2014/9xxx/CVE-2014-9008.json index 2a6bf41e601..d03a9fb86f5 100644 --- a/2014/9xxx/CVE-2014-9008.json +++ b/2014/9xxx/CVE-2014-9008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9192.json b/2014/9xxx/CVE-2014-9192.json index 49a9d7abd4b..5f7d7fd704c 100644 --- a/2014/9xxx/CVE-2014-9192.json +++ b/2014/9xxx/CVE-2014-9192.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-9192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02" - }, - { - "name" : "71591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02" + }, + { + "name": "71591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71591" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9613.json b/2014/9xxx/CVE-2014-9613.json index 0a6994e3c61..ed5013603bd 100644 --- a/2014/9xxx/CVE-2014-9613.json +++ b/2014/9xxx/CVE-2014-9613.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9613", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9613", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2138.json b/2016/2xxx/CVE-2016-2138.json index 75ed7d7109c..e945a900d44 100644 --- a/2016/2xxx/CVE-2016-2138.json +++ b/2016/2xxx/CVE-2016-2138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2497.json b/2016/2xxx/CVE-2016-2497.json index 61fc47cb23b..dbd4239f170 100644 --- a/2016/2xxx/CVE-2016-2497.json +++ b/2016/2xxx/CVE-2016-2497.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298" - }, - { - "name" : "92249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92249" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2575.json b/2016/2xxx/CVE-2016-2575.json index 045bb64c395..bf97451d30c 100644 --- a/2016/2xxx/CVE-2016-2575.json +++ b/2016/2xxx/CVE-2016-2575.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2575", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2575", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2813.json b/2016/2xxx/CVE-2016-2813.json index 0835f5b82c7..10bde2fc653 100644 --- a/2016/2xxx/CVE-2016-2813.json +++ b/2016/2xxx/CVE-2016-2813.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dl.acm.org/citation.cfm?id=2714650", - "refsource" : "MISC", - "url" : "http://dl.acm.org/citation.cfm?id=2714650" - }, - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-43.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-43.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1197901", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1197901" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "openSUSE-SU-2016:1251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html" - }, - { - "name" : "1035692", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035692", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035692" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1197901", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1197901" + }, + { + "name": "openSUSE-SU-2016:1251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-43.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-43.html" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "http://dl.acm.org/citation.cfm?id=2714650", + "refsource": "MISC", + "url": "http://dl.acm.org/citation.cfm?id=2714650" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3004.json b/2016/3xxx/CVE-2016-3004.json index 9ab1a47b4c7..2c854872a50 100644 --- a/2016/3xxx/CVE-2016-3004.json +++ b/2016/3xxx/CVE-2016-3004.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990864", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990864" - }, - { - "name" : "LO90039", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039" - }, - { - "name" : "94332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990864", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990864" + }, + { + "name": "LO90039", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039" + }, + { + "name": "94332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94332" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3295.json b/2016/3xxx/CVE-2016-3295.json index e2b6abd3336..2fb89b6ed80 100644 --- a/2016/3xxx/CVE-2016-3295.json +++ b/2016/3xxx/CVE-2016-3295.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-104", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" - }, - { - "name" : "MS16-105", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" - }, - { - "name" : "92830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92830" - }, - { - "name" : "1036788", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036788" - }, - { - "name" : "1036789", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036789", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036789" + }, + { + "name": "92830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92830" + }, + { + "name": "MS16-104", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" + }, + { + "name": "MS16-105", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" + }, + { + "name": "1036788", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036788" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3522.json b/2016/3xxx/CVE-2016-3522.json index 5a70fb598a2..3504ce06801 100644 --- a/2016/3xxx/CVE-2016-3522.json +++ b/2016/3xxx/CVE-2016-3522.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91861" - }, - { - "name" : "1036403", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91861" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036403", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036403" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3752.json b/2016/3xxx/CVE-2016-3752.json index 8f1125ed98f..d637599c384 100644 --- a/2016/3xxx/CVE-2016-3752.json +++ b/2016/3xxx/CVE-2016-3752.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3863.json b/2016/3xxx/CVE-2016-3863.json index a093ba51e12..dfb4ca62714 100644 --- a/2016/3xxx/CVE-2016-3863.json +++ b/2016/3xxx/CVE-2016-3863.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-09-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-09-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26" - }, - { - "name" : "92817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92817" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92817" + }, + { + "name": "http://source.android.com/security/bulletin/2016-09-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-09-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6515.json b/2016/6xxx/CVE-2016-6515.json index 706db310690..debf253d389 100644 --- a/2016/6xxx/CVE-2016-6515.json +++ b/2016/6xxx/CVE-2016-6515.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40888", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40888/" - }, - { - "name" : "[oss-security] 20160801 Announce: OpenSSH 7.3 released", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/08/01/2" - }, - { - "name" : "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" - }, - { - "name" : "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html" - }, - { - "name" : "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97", - "refsource" : "CONFIRM", - "url" : "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171130-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171130-0003/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us" - }, - { - "name" : "FEDORA-2016-4a3debc3a6", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/" - }, - { - "name" : "FreeBSD-SA-17:06", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc" - }, - { - "name" : "RHSA-2017:2029", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2029" - }, - { - "name" : "92212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92212" - }, - { - "name" : "1036487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171130-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171130-0003/" + }, + { + "name": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97", + "refsource": "CONFIRM", + "url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97" + }, + { + "name": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html" + }, + { + "name": "40888", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40888/" + }, + { + "name": "92212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92212" + }, + { + "name": "FreeBSD-SA-17:06", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "1036487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036487" + }, + { + "name": "FEDORA-2016-4a3debc3a6", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/" + }, + { + "name": "RHSA-2017:2029", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2029" + }, + { + "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/08/01/2" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6988.json b/2016/6xxx/CVE-2016-6988.json index 0875ff42d3f..9ff1db9034f 100644 --- a/2016/6xxx/CVE-2016-6988.json +++ b/2016/6xxx/CVE-2016-6988.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, and CVE-2016-6993." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93491" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, and CVE-2016-6993." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "93491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93491" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7114.json b/2016/7xxx/CVE-2016-7114.json index 56494c2bf09..10f43738720 100644 --- a/2016/7xxx/CVE-2016-7114.json +++ b/2016/7xxx/CVE-2016-7114.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2017-07-04T00:00:00", - "ID" : "CVE-2016-7114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2017-07-04T00:00:00", + "ID": "CVE-2016-7114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03" - }, - { - "name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf" - }, - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf" - }, - { - "name" : "92745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92745" - }, - { - "name" : "99471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92745" + }, + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03" + }, + { + "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf" + }, + { + "name": "99471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99471" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7283.json b/2016/7xxx/CVE-2016-7283.json index 5a3bee70014..f1593bf470e 100644 --- a/2016/7xxx/CVE-2016-7283.json +++ b/2016/7xxx/CVE-2016-7283.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-144", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144" - }, - { - "name" : "94726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94726" - }, - { - "name" : "1037448", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-144", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144" + }, + { + "name": "94726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94726" + }, + { + "name": "1037448", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037448" + } + ] + } +} \ No newline at end of file