From 776e24e8e40ea5572ea2b7f00b175f821a8284b8 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 00:37:13 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0655.json | 150 +++++++--------
2006/0xxx/CVE-2006-0667.json | 150 +++++++--------
2006/0xxx/CVE-2006-0703.json | 190 +++++++++----------
2006/0xxx/CVE-2006-0944.json | 170 ++++++++---------
2006/1xxx/CVE-2006-1370.json | 180 +++++++++---------
2006/1xxx/CVE-2006-1567.json | 170 ++++++++---------
2006/3xxx/CVE-2006-3753.json | 160 ++++++++--------
2006/3xxx/CVE-2006-3836.json | 170 ++++++++---------
2006/4xxx/CVE-2006-4280.json | 150 +++++++--------
2006/4xxx/CVE-2006-4746.json | 140 +++++++-------
2006/4xxx/CVE-2006-4904.json | 160 ++++++++--------
2010/2xxx/CVE-2010-2105.json | 140 +++++++-------
2010/2xxx/CVE-2010-2509.json | 130 ++++++-------
2010/2xxx/CVE-2010-2531.json | 310 +++++++++++++++----------------
2010/2xxx/CVE-2010-2956.json | 330 ++++++++++++++++-----------------
2010/3xxx/CVE-2010-3062.json | 170 ++++++++---------
2010/3xxx/CVE-2010-3270.json | 170 ++++++++---------
2010/3xxx/CVE-2010-3413.json | 140 +++++++-------
2010/3xxx/CVE-2010-3431.json | 270 +++++++++++++--------------
2010/3xxx/CVE-2010-3880.json | 290 ++++++++++++++---------------
2010/4xxx/CVE-2010-4746.json | 130 ++++++-------
2011/0xxx/CVE-2011-0281.json | 330 ++++++++++++++++-----------------
2011/0xxx/CVE-2011-0629.json | 130 ++++++-------
2011/1xxx/CVE-2011-1125.json | 160 ++++++++--------
2011/1xxx/CVE-2011-1412.json | 250 ++++++++++++-------------
2011/1xxx/CVE-2011-1525.json | 210 ++++++++++-----------
2011/1xxx/CVE-2011-1921.json | 310 +++++++++++++++----------------
2011/5xxx/CVE-2011-5127.json | 120 ++++++------
2014/3xxx/CVE-2014-3020.json | 190 +++++++++----------
2014/3xxx/CVE-2014-3609.json | 250 ++++++++++++-------------
2014/3xxx/CVE-2014-3772.json | 150 +++++++--------
2014/3xxx/CVE-2014-3814.json | 130 ++++++-------
2014/6xxx/CVE-2014-6530.json | 150 +++++++--------
2014/7xxx/CVE-2014-7098.json | 140 +++++++-------
2014/7xxx/CVE-2014-7227.json | 34 ++--
2014/7xxx/CVE-2014-7838.json | 150 +++++++--------
2014/8xxx/CVE-2014-8469.json | 160 ++++++++--------
2014/8xxx/CVE-2014-8793.json | 190 +++++++++----------
2014/8xxx/CVE-2014-8960.json | 170 ++++++++---------
2014/9xxx/CVE-2014-9327.json | 34 ++--
2016/2xxx/CVE-2016-2251.json | 34 ++--
2016/2xxx/CVE-2016-2899.json | 34 ++--
2016/6xxx/CVE-2016-6035.json | 120 ++++++------
2016/6xxx/CVE-2016-6273.json | 150 +++++++--------
2016/6xxx/CVE-2016-6317.json | 160 ++++++++--------
2016/6xxx/CVE-2016-6764.json | 160 ++++++++--------
2016/6xxx/CVE-2016-6871.json | 140 +++++++-------
2017/18xxx/CVE-2017-18126.json | 132 ++++++-------
2017/18xxx/CVE-2017-18265.json | 160 ++++++++--------
2017/5xxx/CVE-2017-5015.json | 180 +++++++++---------
2017/5xxx/CVE-2017-5670.json | 150 +++++++--------
2017/5xxx/CVE-2017-5702.json | 34 ++--
2017/5xxx/CVE-2017-5751.json | 34 ++--
2017/5xxx/CVE-2017-5926.json | 140 +++++++-------
54 files changed, 4378 insertions(+), 4378 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0655.json b/2006/0xxx/CVE-2006-0655.json
index d6ab0ddcc1b..061edd8b9d0 100644
--- a/2006/0xxx/CVE-2006-0655.json
+++ b/2006/0xxx/CVE-2006-0655.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060211 [eVuln] phpht Topsites Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424741/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/59/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/59/summary.html" - }, - { - "name" : "16562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16562" - }, - { - "name" : "18782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting 
(XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16562" + }, + { + "name": "20060211 [eVuln] phpht Topsites Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424741/100/0/threaded" + }, + { + "name": "http://evuln.com/vulns/59/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/59/summary.html" + }, + { + "name": "18782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18782" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0667.json b/2006/0xxx/CVE-2006-0667.json index c0977ab855a..c0b3f405848 100644 --- a/2006/0xxx/CVE-2006-0667.json +++ b/2006/0xxx/CVE-2006-0667.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY77624", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY77624" - }, - { - "name" : "IY77638", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY77638" - }, - { - "name" : "ADV-2005-2096", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2096" - }, - { - "name" : "1015622", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2096", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2096" + }, + { + "name": "IY77624", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY77624" + }, + { + "name": "IY77638", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY77638" + }, + { + "name": "1015622", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015622" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0703.json b/2006/0xxx/CVE-2006-0703.json index 7fa05d8d7b4..fd458afe215 100644 --- a/2006/0xxx/CVE-2006-0703.json +++ b/2006/0xxx/CVE-2006-0703.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060211 imageVue16.1 upload vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424745/30/0/threaded" - }, - { - "name" : "20060719 Re: imageVue16.1 upload vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440586/100/100/threaded" - }, - { - "name" : "20061029 Re: imageVue16.1 upload vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450047/100/100/threaded" - }, - { - "name" : "16594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16594" - }, - { - "name" : "ADV-2006-0570", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/0570" - }, - { - "name" : "18802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18802" - }, - { - "name" : "429", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/429" - }, - { - "name" : "imagevue-index-sql-injection(24642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0570", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0570" + }, + { + "name": "20061029 Re: imageVue16.1 upload vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450047/100/100/threaded" + }, + { + "name": "20060211 imageVue16.1 upload vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424745/30/0/threaded" + }, + { + "name": "18802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18802" + }, + { + "name": "20060719 Re: imageVue16.1 upload vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440586/100/100/threaded" + }, + { + "name": "16594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16594" + }, + { + "name": "429", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/429" + }, + { + "name": 
"imagevue-index-sql-injection(24642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24642" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0944.json b/2006/0xxx/CVE-2006-0944.json index b8fb1e100be..8f71076d86b 100644 --- a/2006/0xxx/CVE-2006-0944.json +++ b/2006/0xxx/CVE-2006-0944.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060226 Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426184/100/0/threaded" - }, - { - "name" : "3859", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3859" - }, - { - "name" : "16848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16848" - }, - { - "name" : "23620", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23620" - }, - { - "name" : "1015689", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015689" - }, - { - "name" : "archangel-admin-auth-bypass(24984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24984" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015689", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015689" + }, + { + "name": "archangel-admin-auth-bypass(24984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24984" + }, + { + "name": "16848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16848" + }, + { + "name": "23620", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23620" + }, + { + "name": "20060226 Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426184/100/0/threaded" + }, + { + "name": "3859", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3859" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1370.json b/2006/1xxx/CVE-2006-1370.json index 8873b2435dc..d050c6fa536 100644 --- a/2006/1xxx/CVE-2006-1370.json +++ b/2006/1xxx/CVE-2006-1370.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.service.real.com/realplayer/security/03162006_player/en/", - "refsource" : "CONFIRM", - "url" : "http://www.service.real.com/realplayer/security/03162006_player/en/" - }, - { - "name" : "VU#451556", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/451556" - }, - { - "name" : "17202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17202" - }, - { - "name" : "ADV-2006-1057", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1057" - }, - { - "name" : "1015810", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015810" - }, - { - "name" : 
"19358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19358" - }, - { - "name" : "realnetworks-mbc-bo(25411)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.service.real.com/realplayer/security/03162006_player/en/", + "refsource": "CONFIRM", + "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" + }, + { + "name": "realnetworks-mbc-bo(25411)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411" + }, + { + "name": "19358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19358" + }, + { + "name": "ADV-2006-1057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1057" + }, + { + "name": "17202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17202" + }, + { + "name": "VU#451556", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/451556" + }, + { + "name": "1015810", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015810" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1567.json b/2006/1xxx/CVE-2006-1567.json index b96ddf3aa6c..3cc73c604ad 100644 --- a/2006/1xxx/CVE-2006-1567.json +++ b/2006/1xxx/CVE-2006-1567.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html" - }, - { - "name" : "17332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17332" - }, - { - "name" : "ADV-2006-1185", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1185" - }, - { - "name" : "24289", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24289" - }, - { - "name" : "19467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19467" - }, - { - "name" : "sitesearch-indexer-searchfield-xss(25564)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17332" + }, + { + "name": "19467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19467" + }, + { + "name": "sitesearch-indexer-searchfield-xss(25564)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25564" + }, + { + "name": "24289", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24289" + }, + { + "name": "http://pridels0.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html" + }, + { + "name": "ADV-2006-1185", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1185" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3753.json b/2006/3xxx/CVE-2006-3753.json index e2caffd16aa..3454bfae4bd 100644 --- a/2006/3xxx/CVE-2006-3753.json +++ b/2006/3xxx/CVE-2006-3753.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060717 Professional PHP Tools Guestbook Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440421/100/0/threaded" - }, - { - "name" : "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt", - "refsource" : "MISC", - "url" : "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt" - }, - { - "name" : "1016550", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016550" - }, - { - "name" : "21102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21102" - }, - { - "name" : "phptguestbook-setcookie-insecure-cookie(27775)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt", + "refsource": "MISC", + "url": "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt" + }, + { + "name": "20060717 Professional PHP Tools Guestbook Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440421/100/0/threaded" + }, + { + "name": "phptguestbook-setcookie-insecure-cookie(27775)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27775" + }, + { + "name": "21102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21102" + }, + { + "name": "1016550", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016550" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3836.json b/2006/3xxx/CVE-2006-3836.json index 63a78d2675c..44d1ec9f2af 100644 --- a/2006/3xxx/CVE-2006-3836.json +++ b/2006/3xxx/CVE-2006-3836.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060720 Unidomedia Chameleon LE/Pro Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440765/100/0/threaded" - }, - { - "name" : "19107", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19107" - }, - { - "name" : "ADV-2006-2948", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2948" - }, - { - "name" : "21156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21156" - }, - { - "name" : "1280", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1280" - }, - { - "name" : "chameleon-index-directory-traversal(27898)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060720 Unidomedia Chameleon LE/Pro Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440765/100/0/threaded" + }, + { + "name": "chameleon-index-directory-traversal(27898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27898" + }, + { + "name": "ADV-2006-2948", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2948" + }, + { + "name": "19107", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19107" + }, + { + "name": "1280", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1280" + }, + { + "name": "21156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21156" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4280.json b/2006/4xxx/CVE-2006-4280.json index bde3a38a063..4cb5ed4f995 100644 --- a/2006/4xxx/CVE-2006-4280.json +++ b/2006/4xxx/CVE-2006-4280.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060817 anjel Mambo Component Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443627/100/0/threaded" - }, - { - "name" : "20060818 Re: anjel Mambo Component Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-08/0441.html" - }, - { - "name" : "28084", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28084" - }, - { - "name" : "anjel-index-file-include(28449)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060818 Re: anjel Mambo Component Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0441.html" + }, + { + "name": "20060817 anjel Mambo Component Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443627/100/0/threaded" + }, + { + "name": "28084", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28084" + }, + { + "name": "anjel-index-file-include(28449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28449" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4746.json b/2006/4xxx/CVE-2006-4746.json index 6630495c412..1e18a295f85 100644 --- a/2006/4xxx/CVE-2006-4746.json +++ b/2006/4xxx/CVE-2006-4746.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060908 Web Server Creator v0.1 (l) Remote Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445725/100/0/threaded" - }, - { - "name" : "2318", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2318" - }, - { - "name" : "1568", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060908 Web Server Creator v0.1 (l) Remote Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445725/100/0/threaded" + }, + { + "name": "1568", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1568" + }, + { + "name": "2318", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2318" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4904.json b/2006/4xxx/CVE-2006-4904.json index 144aaeba483..cea3d71c882 100644 --- a/2006/4xxx/CVE-2006-4904.json +++ b/2006/4xxx/CVE-2006-4904.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00113-09182006&", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00113-09182006&" - }, - { - "name" : "20108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20108" - }, - { - "name" : "ADV-2006-3692", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3692" - }, - { - "name" : "22005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22005" - }, - { - "name" : "xcart-cmpi-code-execution(29005)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29005" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22005" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00113-09182006&", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00113-09182006&" + }, + { + "name": "20108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20108" + }, + { + "name": "xcart-cmpi-code-execution(29005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29005" + }, + { + "name": "ADV-2006-3692", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3692" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2105.json b/2010/2xxx/CVE-2010-2105.json index 4a907e00664..dd29eb484ac 100644 --- a/2010/2xxx/CVE-2010-2105.json +++ b/2010/2xxx/CVE-2010-2105.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=7713", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=7713" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:12113", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 
before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=7713", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=7713" + }, + { + "name": "oval:org.mitre.oval:def:12113", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12113" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2509.json b/2010/2xxx/CVE-2010-2509.json index 6f31db81585..24cd9c5e739 100644 --- a/2010/2xxx/CVE-2010-2509.json +++ b/2010/2xxx/CVE-2010-2509.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14020", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14020" - }, - { - "name" : "40348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40348" + }, + { + "name": "14020", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14020" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2531.json b/2010/2xxx/CVE-2010-2531.json index 59baa387652..a27ef4257e5 100644 --- a/2010/2xxx/CVE-2010-2531.json +++ b/2010/2xxx/CVE-2010-2531.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100713 CVE request, php var_export", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/13/1" - }, - { - "name" : "[oss-security] 20100716 Re: Re: CVE request, php var_export", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/16/3" - }, - { - "name" : "http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143", - "refsource" : "CONFIRM", - "url" : 
"http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143" - }, - { - "name" : "http://www.php.net/archive/2010.php#id2010-07-22-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2010.php#id2010-07-22-1" - }, - { - "name" : "http://www.php.net/archive/2010.php#id2010-07-22-2", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2010.php#id2010-07-22-2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=617673", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=617673" - }, - { - "name" : "http://support.apple.com/kb/HT4312", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4312" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-08-24-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "DSA-2266", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2266" - }, - { - "name" : "HPSBMA02662", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "SSRT100409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "HPSBOV02763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SSRT100826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "RHSA-2010:0919", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0919.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - }, - { - "name" : "42410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42410" - }, - { - "name" : "ADV-2010-3081", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "HPSBOV02763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "HPSBMA02662", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "[oss-security] 20100716 Re: Re: CVE request, php var_export", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/16/3" + }, + { + "name": "http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=617673", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=617673" + }, + { + "name": "DSA-2266", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2266" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "RHSA-2010:0919", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html" + }, + { + "name": "APPLE-SA-2010-08-24-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" + }, + { + "name": "[oss-security] 20100713 CVE request, php var_export", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/13/1" + }, + { + "name": "http://www.php.net/archive/2010.php#id2010-07-22-2", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2010.php#id2010-07-22-2" + }, + { + "name": "SSRT100826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "http://support.apple.com/kb/HT4312", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4312" + }, + { + "name": "42410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42410" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "SSRT100409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "http://www.php.net/archive/2010.php#id2010-07-22-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2010.php#id2010-07-22-1" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + }, + { + "name": "ADV-2010-3081", + "refsource": "VUPEN", + 
"url": "http://www.vupen.com/english/advisories/2010/3081" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2956.json b/2010/2xxx/CVE-2010-2956.json index 9603b0e5729..bc870b1b71a 100644 --- a/2010/2xxx/CVE-2010-2956.json +++ b/2010/2xxx/CVE-2010-2956.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515545/100/0/threaded" - }, - { - "name" : "20101027 rPSA-2010-0075-1 sudo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514489/100/0/threaded" - }, - { - "name" : "http://www.sudo.ws/sudo/alerts/runas_group.html", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/sudo/alerts/runas_group.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=628628", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=628628" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075" - }, - { - "name" : "FEDORA-2010-14355", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html" - }, - { - "name" : "GLSA-201009-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201009-03.xml" - }, - { - "name" : "MDVSA-2010:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175" - }, - { - "name" : "RHSA-2010:0675", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0675.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "USN-983-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-983-1" - }, - { - "name" : "43019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43019" - }, - { - "name" : "1024392", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024392" - }, - { - "name" : "40508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40508" - }, - { - "name" : "41316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41316" - }, - { - "name" : "42787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42787" - }, - { - "name" : "ADV-2010-2312", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2312" - }, - { - "name" : "ADV-2010-2318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2318" - 
}, - { - "name" : "ADV-2010-2320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2320" - }, - { - "name" : "ADV-2010-2358", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2358" - }, - { - "name" : "ADV-2011-0025", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2312", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2312" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=628628", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628" + }, + { + "name": "ADV-2010-2318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2318" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html" + }, + { + "name": "MDVSA-2010:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175" + }, + { + "name": "ADV-2010-2320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2320" + }, + { + "name": "20101027 rPSA-2010-0075-1 sudo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded" + }, + { + "name": "ADV-2010-2358", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2358" + }, + { + "name": "http://www.sudo.ws/sudo/alerts/runas_group.html", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/sudo/alerts/runas_group.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075" + }, + { + "name": "FEDORA-2010-14355", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html" + }, + { + "name": "GLSA-201009-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml" + }, + { + "name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "43019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43019" + }, + { + "name": "RHSA-2010:0675", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html" + }, + { + "name": "40508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40508" + }, + { + "name": "1024392", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024392" + }, + { + "name": "42787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42787" + }, + { + "name": "ADV-2011-0025", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0025" + }, + { + "name": "USN-983-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-983-1" + }, + { + "name": "41316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41316" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/3xxx/CVE-2010-3062.json b/2010/3xxx/CVE-2010-3062.json index 44cf3516dce..6701cac7240 100644 --- a/2010/3xxx/CVE-2010-3062.json +++ b/2010/3xxx/CVE-2010-3062.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html" - }, - { - "name" : "http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html", - "refsource" : "MISC", - "url" : 
"http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html" - }, - { - "name" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703" - }, - { - "name" : "http://svn.php.net/viewvc?view=revision&revision=298703", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc?view=revision&revision=298703" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html" + }, + { + "name": "http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "http://svn.php.net/viewvc?view=revision&revision=298703", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc?view=revision&revision=298703" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + }, + { + "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3270.json b/2010/3xxx/CVE-2010-3270.json index e8c51ea7ae8..5d2dc8f8651 100644 --- a/2010/3xxx/CVE-2010-3270.json +++ b/2010/3xxx/CVE-2010-3270.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110131 [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516095/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities" - }, - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355", - "refsource" : "CONFIRM", - "url" : 
"http://tools.cisco.com/security/center/viewAlert.x?alertId=22355" - }, - { - "name" : "46078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46078" - }, - { - "name" : "1025015", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025015" - }, - { - "name" : "ADV-2011-0260", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025015", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025015" + }, + { + "name": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities" + }, + { + "name": "46078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46078" + }, + { + "name": "20110131 [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355" + }, + { + "name": "ADV-2011-0260", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2011/0260" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3413.json b/2010/3xxx/CVE-2010-3413.json index 50075546b16..380004d8b01 100644 --- a/2010/3xxx/CVE-2010-3413.json +++ b/2010/3xxx/CVE-2010-3413.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=53176", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=53176" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" - }, - { - "name" : "oval:org.mitre.oval:def:6937", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" + }, + { + "name": "oval:org.mitre.oval:def:6937", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6937" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=53176", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=53176" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3431.json b/2010/3xxx/CVE-2010-3431.json index efac0bdad66..da4338e0166 100644 --- a/2010/3xxx/CVE-2010-3431.json +++ b/2010/3xxx/CVE-2010-3431.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/21/3" - }, - { - "name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/21/11" - }, - { - "name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : 
"http://openwall.com/lists/oss-security/2010/09/21/8" - }, - { - "name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/21/9" - }, - { - "name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/21/10" - }, - { - "name" : "[oss-security] 20100924 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/24/2" - }, - { - "name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/4" - }, - { - "name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/5" - }, - { - "name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/7" - }, - { - "name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/10" - }, - { - "name" : "[oss-security] 20101004 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/03/1" - }, - { - "name" : "[oss-security] 20101025 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/25/2" - }, - { - "name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a", - "refsource" : "CONFIRM", - "url" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=641361", - "refsource" 
: "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=641361" - }, - { - "name" : "GLSA-201206-31", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml" - }, - { - "name" : "49711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/5" + }, + { + "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/21/3" + }, + { + "name": "GLSA-201206-31", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-31.xml" + }, + { + "name": "[oss-security] 20101004 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/03/1" + }, + { + "name": "[oss-security] 20100924 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/24/2" + }, + { + "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", + 
"refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/21/9" + }, + { + "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/21/8" + }, + { + "name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/10" + }, + { + "name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a", + "refsource": "CONFIRM", + "url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a" + }, + { + "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/4" + }, + { + "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/21/10" + }, + { + "name": "49711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49711" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=641361", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641361" + }, + { + "name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/7" + }, + { + "name": "[oss-security] 20101025 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/25/2" + }, + { + "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/21/11" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3880.json b/2010/3xxx/CVE-2010-3880.json index e057f8221ba..61bdf9eb7a0 100644 
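Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and it is the only non-cosmetic change among the key-spacing and reference-reordering lines; the CVE-2010-3880 hunk carries the same change. The commit subject does not mention it, so anyone auditing CNA attribution for these records has to find it by reading every hunk. I would split the reformat from the data change, or at least record it in the message, e.g. `ASSIGNER cve@mitre.org -> secalert@redhat.com: CVE-2010-3431, CVE-2010-3880`. Whether the reassignment is intended cannot be confirmed from the diff alone.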
--- a/2010/3xxx/CVE-2010-3880.json
+++ b/2010/3xxx/CVE-2010-3880.json
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[netdev] 20101103 [PATCH 2/2] inet_diag: Make sure we actually run the same bytecode we audited.", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/netdev/msg145899.html" - }, - { - "name" : "[oss-security] 20101104 CVE request: kernel: logic error in INET_DIAG bytecode auditing", - "refsource" : "MLIST", - "url" : 
"http://openwall.com/lists/oss-security/2010/11/04/9" - }, - { - "name" : "[oss-security] 20101105 Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/05/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=651264", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=651264" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "RHSA-2010:0958", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html" - }, - { - "name" : "RHSA-2011:0004", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0004.html" - }, - { - "name" : "RHSA-2011:0007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html" - }, - { - "name" : "44665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44665" - }, - { - "name" : "42126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42126" - }, - { - "name" : "42789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42789" - }, - { - "name" : "42890", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/42890" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "ADV-2011-0024", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42789" + }, + { + "name": "ADV-2011-0024", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0024" + }, + { + "name": "RHSA-2011:0004", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2" + }, + { + "name": "44665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44665" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=651264", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=651264" + }, + { + "name": "RHSA-2011:0007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" + }, + { + "name": "RHSA-2010:0958", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860" + }, + { + "name": "42890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42890" + }, + { + "name": "[oss-security] 20101105 Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/05/3" + }, + { + "name": "42126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42126" + }, + { + "name": "[netdev] 20101103 [PATCH 2/2] inet_diag: Make sure we actually run the same bytecode we audited.", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/netdev/msg145899.html" + }, + { + "name": "[oss-security] 20101104 CVE request: kernel: logic error in INET_DIAG bytecode auditing", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/04/9" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4746.json b/2010/4xxx/CVE-2010-4746.json index aa695dddd5f..d7c83703736 100644 --- a/2010/4xxx/CVE-2010-4746.json 
+++ b/2010/4xxx/CVE-2010-4746.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via \"badly behaved applications,\" related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://directory.fedoraproject.org/wiki/Release_Notes", - "refsource" : "CONFIRM", - "url" : "http://directory.fedoraproject.org/wiki/Release_Notes" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=663597", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=663597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in the normalization functionality in 389 
Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via \"badly behaved applications,\" related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://directory.fedoraproject.org/wiki/Release_Notes", + "refsource": "CONFIRM", + "url": "http://directory.fedoraproject.org/wiki/Release_Notes" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=663597", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663597" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0281.json b/2011/0xxx/CVE-2011-0281.json index d7ba920a2c1..c8efc13bcd7 100644 --- a/2011/0xxx/CVE-2011-0281.json +++ b/2011/0xxx/CVE-2011-0281.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516299/100/0/threaded" - }, - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[kerberos] 20101222 LDAP handle unavailable: Can't contact LDAP server", - "refsource" : "MLIST", - "url" : 
"http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "MDVSA-2011:024", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024" - }, - { - "name" : "MDVSA-2011:025", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025" - }, - { - "name" : "RHSA-2011:0199", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0199.html" - }, - { - "name" : "RHSA-2011:0200", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0200.html" - }, - { - "name" : "SUSE-SR:2011:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html" - }, - { - "name" : "46265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46265" - }, - { - "name" : "1025037", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025037" - }, - { - "name" : "43260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43260" - }, - { - "name" : "43273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43273" - }, - { - "name" : "43275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43275" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "8073", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8073" - }, - { - "name" : "ADV-2011-0330", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0330" - }, - { - "name" : "ADV-2011-0333", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0333" - }, - { - "name" : "ADV-2011-0347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0347" - }, - { - "name" : "ADV-2011-0464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0464" - }, - { - "name" : "kerberos-ldap-descriptor-dos(65324)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:025", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025" + }, + { + "name": "46265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46265" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "ADV-2011-0347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0347" + }, + { + "name": "43260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43260" + }, + { + "name": "ADV-2011-0333", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0333" + }, + { + "name": "RHSA-2011:0199", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html" + }, + { + "name": "43273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43273" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt" + }, + { + "name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded" + }, + { + "name": "1025037", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025037" + }, + { + "name": "SUSE-SR:2011:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html" + }, + { + "name": 
"http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "MDVSA-2011:024", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024" + }, + { + "name": "ADV-2011-0464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0464" + }, + { + "name": "8073", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8073" + }, + { + "name": "kerberos-ldap-descriptor-dos(65324)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324" + }, + { + "name": "ADV-2011-0330", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0330" + }, + { + "name": "[kerberos] 20101222 LDAP handle unavailable: Can't contact LDAP server", + "refsource": "MLIST", + "url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html" + }, + { + "name": "43275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43275" + }, + { + "name": "RHSA-2011:0200", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0629.json b/2011/0xxx/CVE-2011-0629.json index 99bc6f9dd21..bed21afd229 100644 --- a/2011/0xxx/CVE-2011-0629.json +++ b/2011/0xxx/CVE-2011-0629.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-14.html" - }, - { - "name" : "coldfusion-unspec-csrf(68027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coldfusion-unspec-csrf(68027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68027" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1125.json b/2011/1xxx/CVE-2011-1125.json index a56dcafa5d4..c9990f70619 100644 --- a/2011/1xxx/CVE-2011-1125.json +++ b/2011/1xxx/CVE-2011-1125.json 
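Review bot: The only substantive change in this hunk, `"ASSIGNER": "psirt@adobe.com"` replacing `cve@mitre.org`, is buried in a whole-file rewrite that otherwise just tightens the key separator and swaps the two `reference_data` entries. The CVE-2011-1921 hunk does the same with `"ASSIGNER": "secalert@redhat.com"`. A consumer that uses the assigner for provenance or triage routing would see the record's attribution change with nothing in the commit message ("-Synchronized-Data.") to explain it. The sync would be easier to audit if field changes landed separately from reformatting, or if `reference_data` were emitted in a stable order so that reordering never shows up as a diff. The new file also ends without a trailing newline (`\ No newline at end of file`); ending it with `}` followed by a newline keeps later diffs and line-oriented tools clean.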
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=73235", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=73235" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" - }, - { - "name" : "46614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46614" - }, - { - "name" : "oval:org.mitre.oval:def:14368", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14368" - }, - { - "name" : 
"google-chrome-layouts-dos(65743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14368", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14368" + }, + { + "name": "google-chrome-layouts-dos(65743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65743" + }, + { + "name": "46614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46614" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=73235", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=73235" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1412.json b/2011/1xxx/CVE-2011-1412.json index 32b8ab96354..d5e943b4c81 100644 --- a/2011/1xxx/CVE-2011-1412.json +++ b/2011/1xxx/CVE-2011-1412.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110728 Two security issues fixed in ioQuake3 engine", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519051/100/0/threaded" - }, - { - "name" : "20110728 Two security issues fixed in ioQuake3 engine", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html" - }, - { - "name" : "http://svn.icculus.org/quake3?view=rev&revision=2097", - "refsource" : "CONFIRM", - "url" : "http://svn.icculus.org/quake3?view=rev&revision=2097" - }, - { - "name" : "http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff", - "refsource" : "CONFIRM", - "url" : 
"http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff" - }, - { - "name" : "http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html", - "refsource" : "CONFIRM", - "url" : "http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725951", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725951" - }, - { - "name" : "FEDORA-2011-9898", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html" - }, - { - "name" : "GLSA-201706-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-23" - }, - { - "name" : "48915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48915" - }, - { - "name" : "74137", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74137" - }, - { - "name" : "45417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45417" - }, - { - "name" : "45468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45468" - }, - { - "name" : "8324", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8324" - }, - { - "name" : "ioquake-idtech-command-execution(68869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110728 Two security issues fixed in ioQuake3 engine", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html" + }, + { + "name": "http://svn.icculus.org/quake3?view=rev&revision=2097", + "refsource": "CONFIRM", + "url": "http://svn.icculus.org/quake3?view=rev&revision=2097" + }, + { + "name": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff", + "refsource": "CONFIRM", + "url": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff" + }, + { + "name": "45468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45468" + }, + { + "name": "http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html", + "refsource": "CONFIRM", + "url": "http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html" + }, + { + "name": "ioquake-idtech-command-execution(68869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68869" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=725951", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725951" + }, + { + "name": "74137", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74137" + }, + { + "name": "48915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48915" + }, + { + "name": "20110728 Two security issues fixed in ioQuake3 engine", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519051/100/0/threaded" + }, + { + "name": "8324", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8324" + }, + { + "name": "GLSA-201706-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-23" + }, + { + "name": "45417", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/45417" + }, + { + "name": "FEDORA-2011-9898", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1525.json b/2011/1xxx/CVE-2011-1525.json index 7372e770952..3a18d8a2024 100644 --- a/2011/1xxx/CVE-2011-1525.json +++ b/2011/1xxx/CVE-2011-1525.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110321 Heap overflow in RealPlayer 14.0.1.633", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517083/100/0/threaded" - }, - { - "name" : "17019", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17019" - }, - { - "name" : "http://aluigi.org/adv/real_5-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/real_5-adv.txt" - }, - { - "name" : "http://service.real.com/realplayer/security/04122011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/04122011_player/en/" - }, - { - "name" : "46946", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/46946" - }, - { - "name" : "71260", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71260" - }, - { - "name" : "1025245", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025245" - }, - { - "name" : "43847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43847" - }, - { - "name" : "8181", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8181" - }, - { - "name" : "realplayer-ivr-bo(66209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43847" + }, + { + "name": "http://service.real.com/realplayer/security/04122011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/04122011_player/en/" + }, + { + "name": "71260", + "refsource": "OSVDB", + "url": "http://osvdb.org/71260" + }, + { + "name": "realplayer-ivr-bo(66209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66209" + }, + { + "name": "http://aluigi.org/adv/real_5-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/real_5-adv.txt" + }, + { + "name": "46946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46946" + }, + { + "name": "1025245", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025245" + }, + { + "name": "20110321 Heap overflow in RealPlayer 14.0.1.633", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517083/100/0/threaded" + }, + { + "name": "8181", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8181" + }, + { + "name": "17019", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17019" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1921.json b/2011/1xxx/CVE-2011-1921.json index 56626eacecc..03c897d85db 100644 --- a/2011/1xxx/CVE-2011-1921.json +++ b/2011/1xxx/CVE-2011-1921.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://subversion.apache.org/security/CVE-2011-1921-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2011-1921-advisory.txt" - }, - { - "name" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=709114", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=709114" - }, - { - "name" : 
"http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "DSA-2251", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2251" - }, - { - "name" : "FEDORA-2011-8341", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html" - }, - { - "name" : "FEDORA-2011-8352", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html" - }, - { - "name" : "MDVSA-2011:106", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106" - }, - { - "name" : "RHSA-2011:0862", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0862.html" - }, - { - "name" : "USN-1144-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1144-1" - }, - { - "name" : "48091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48091" - }, - { - "name" : "oval:org.mitre.oval:def:18999", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999" - }, - { - "name" : "1025619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025619" - }, - { - "name" : "44633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44633" - }, - { - "name" : "44681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44681" - }, - { - "name" : "45162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45162" - }, - { - "name" : "44849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44849" - }, - { - "name" : "44888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44888" 
- }, - { - "name" : "subversion-control-rules-info-disc(67804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2251", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2251" + }, + { + "name": "USN-1144-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1144-1" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "MDVSA-2011:106", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106" + }, + { + "name": "44849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44849" + }, + { + "name": "RHSA-2011:0862", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0862.html" + }, + { + "name": "FEDORA-2011-8341", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709114", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709114" + }, + { + "name": "44888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44888" 
+ }, + { + "name": "http://subversion.apache.org/security/CVE-2011-1921-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2011-1921-advisory.txt" + }, + { + "name": "1025619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025619" + }, + { + "name": "oval:org.mitre.oval:def:18999", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "45162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45162" + }, + { + "name": "subversion-control-rules-info-disc(67804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67804" + }, + { + "name": "44681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44681" + }, + { + "name": "48091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48091" + }, + { + "name": "FEDORA-2011-8352", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html" + }, + { + "name": "44633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44633" + }, + { + "name": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5127.json b/2011/5xxx/CVE-2011-5127.json index d67e79e2773..2084c0ae3e7 100644 --- a/2011/5xxx/CVE-2011-5127.json +++ b/2011/5xxx/CVE-2011-5127.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA60", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA60" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA60", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA60" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3020.json b/2014/3xxx/CVE-2014-3020.json index 3a29507d1c2..17a80b231b8 100644 --- a/2014/3xxx/CVE-2014-3020.json +++ b/2014/3xxx/CVE-2014-3020.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679952", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679952" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680841", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680841" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680254", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680254" - }, - { - "name" : "69034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69034" - }, - { - "name" : "59687", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59687" - }, - { - "name" : "60552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60552" - }, - { - "name" : "59795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59795" - }, - { - "name" : "ibm-tip-ewas-cve20143020-install(93056)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59687" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952" + }, + { + "name": "69034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69034" + }, + { + "name": "ibm-tip-ewas-cve20143020-install(93056)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254" + }, + { + "name": "60552", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/60552" + }, + { + "name": "59795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59795" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3609.json b/2014/3xxx/CVE-2014-3609.json index 05c963f5a5f..0aded51f3b4 100644 --- a/2014/3xxx/CVE-2014-3609.json +++ b/2014/3xxx/CVE-2014-3609.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "DSA-3014", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3014" - }, - { - 
"name" : "DSA-3139", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3139" - }, - { - "name" : "RHSA-2014:1147", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1147.html" - }, - { - "name" : "SUSE-SU-2014:1140", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html" - }, - { - "name" : "openSUSE-SU-2014:1144", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html" - }, - { - "name" : "USN-2327-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2327-1" - }, - { - "name" : "69453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69453" - }, - { - "name" : "60179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60179" - }, - { - "name" : "60334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60334" - }, - { - "name" : "61320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61320" - }, - { - "name" : "61412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61320" + }, + { + "name": "60179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60179" + }, + { + "name": "SUSE-SU-2014:1140", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html" + }, + { + "name": "USN-2327-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2327-1" + }, + { + "name": "DSA-3139", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3139" + }, + { + "name": "openSUSE-SU-2014:1144", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html" + }, + { + "name": "DSA-3014", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3014" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt" + }, + { + "name": "RHSA-2014:1147", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1147.html" + }, + { + "name": "60334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60334" + }, + { + "name": "69453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69453" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch" + }, + { + "name": "61412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61412" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3772.json b/2014/3xxx/CVE-2014-3772.json index e0eb5471155..4ee21444752 100644 --- a/2014/3xxx/CVE-2014-3772.json +++ b/2014/3xxx/CVE-2014-3772.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/18/2" - }, - { - "name" : "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/19/5" - }, - { - "name" : "http://teampass.net/installation/2.1.20-released.html", - "refsource" : "CONFIRM", - "url" : "http://teampass.net/installation/2.1.20-released.html" - }, - { - "name" : "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f", - "refsource" : 
"CONFIRM", - "url" : "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2" + }, + { + "name": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f", + "refsource": "CONFIRM", + "url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f" + }, + { + "name": "http://teampass.net/installation/2.1.20-released.html", + "refsource": "CONFIRM", + "url": "http://teampass.net/installation/2.1.20-released.html" + }, + { + "name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3814.json b/2014/3xxx/CVE-2014-3814.json index e44752f84ab..7044da3c437 100644 --- a/2014/3xxx/CVE-2014-3814.json +++ b/2014/3xxx/CVE-2014-3814.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632" - }, - { - "name" : "59026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of 
malformed packets to the device IP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632" + }, + { + "name": "59026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59026" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6530.json b/2014/6xxx/CVE-2014-6530.json index 9fff8ba4601..7ba2f2c59db 100644 --- a/2014/6xxx/CVE-2014-6530.json +++ b/2014/6xxx/CVE-2014-6530.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "70486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70486" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70486" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7098.json b/2014/7xxx/CVE-2014-7098.json index 39fed819025..f7709428186 100644 --- a/2014/7xxx/CVE-2014-7098.json +++ b/2014/7xxx/CVE-2014-7098.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fylet Secure Large File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#388897", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/388897" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fylet Secure Large 
File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#388897", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/388897" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7227.json b/2014/7xxx/CVE-2014-7227.json index 0ce6855276e..9c952ed493e 100644 --- a/2014/7xxx/CVE-2014-7227.json +++ b/2014/7xxx/CVE-2014-7227.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7227", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187. Notes: All CVE users should reference CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7227", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187. Notes: All CVE users should reference CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7838.json b/2014/7xxx/CVE-2014-7838.json index 962e0ca71f2..e46ed3ecfb1 100644 --- a/2014/7xxx/CVE-2014-7838.json +++ b/2014/7xxx/CVE-2014-7838.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141117 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/17/11" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=275164", - "refsource" : "CONFIRM", - "url" : 
"https://moodle.org/mod/forum/discuss.php?d=275164" - }, - { - "name" : "1031215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031215" + }, + { + "name": "[oss-security] 20141117 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/17/11" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=275164", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=275164" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8469.json b/2014/8xxx/CVE-2014-8469.json index 591fb2be71a..a207f55a952 100644 --- a/2014/8xxx/CVE-2014-8469.json +++ b/2014/8xxx/CVE-2014-8469.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35274", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35274" - }, - { - "name" : "20141118 PHPFox XSS AdminCP", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/50" - }, - { - "name" : "http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html" - }, - { - "name" : "71180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71180" - }, - { - "name" : "phpfox-cve20148469-xss(98727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98727" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141118 PHPFox XSS AdminCP", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/50" + }, + { + "name": "phpfox-cve20148469-xss(98727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98727" + }, + { + "name": "http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html" + }, + { + "name": "71180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71180" + }, + { + "name": "35274", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35274" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8793.json b/2014/8xxx/CVE-2014-8793.json index 67d22e0e4e0..66ea30de200 100644 --- a/2014/8xxx/CVE-2014-8793.json +++ b/2014/8xxx/CVE-2014-8793.json 
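Review bot: The new side of this hunk ends with `\ No newline at end of file`, so the rewritten CVE-2014-8469.json loses the trailing newline the old file had. Its `reference_data` entries are also reordered with no change in content (the `EXPLOIT-DB` entry `35274` moves from first to last). Both effects repeat in the other hunks visible here, and the CVE-2016-2251 hunk additionally moves `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, which the neighbouring CVE-2014-9327 and CVE-2016-2899 hunks do not. This looks like a serializer without a fixed output order, which makes diff-based monitoring of the records noisy. The proposal is for the writer to end each file with `}` followed by a newline and to emit keys and `reference_data` in a stable order, for example the order already in the file.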
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141217 Cross-Site Scripting (XSS) in Revive Adserver", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534269/100/0/threaded" - }, - { - "name" : "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534264/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html" - }, - { - "name" : 
"http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23242", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23242" - }, - { - "name" : "http://www.revive-adserver.com/security/revive-sa-2014-002/", - "refsource" : "CONFIRM", - "url" : "http://www.revive-adserver.com/security/revive-sa-2014-002/" - }, - { - "name" : "https://github.com/revive-adserver/revive-adserver/commit/2be73f9", - "refsource" : "CONFIRM", - "url" : "https://github.com/revive-adserver/revive-adserver/commit/2be73f9" - }, - { - "name" : "71718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html" + }, + { + "name": "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded" + }, + { + "name": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9", + "refsource": "CONFIRM", + "url": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9" + }, + { + "name": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html" + }, + { + "name": "20141217 Cross-Site Scripting (XSS) in Revive Adserver", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534269/100/0/threaded" + }, + { + "name": "71718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71718" + }, + { + "name": "http://www.revive-adserver.com/security/revive-sa-2014-002/", + "refsource": "CONFIRM", + "url": "http://www.revive-adserver.com/security/revive-sa-2014-002/" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23242", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23242" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8960.json b/2014/8xxx/CVE-2014-8960.json index 1168216aa03..9a7cf4b50f9 100644 --- a/2014/8xxx/CVE-2014-8960.json +++ b/2014/8xxx/CVE-2014-8960.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233" - }, - { - "name" : "GLSA-201505-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201505-03" - }, - { - "name" : "MDVSA-2014:228", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:228" - }, - { - "name" : "openSUSE-SU-2014:1561", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html" - }, - { - "name" : "71244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201505-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201505-03" + }, + { + "name": "openSUSE-SU-2014:1561", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233" + }, + { + "name": "71244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71244" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php" + }, + { + "name": "MDVSA-2014:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:228" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9327.json b/2014/9xxx/CVE-2014-9327.json index 8517927207e..9c3960e57ab 100644 
--- a/2014/9xxx/CVE-2014-9327.json +++ b/2014/9xxx/CVE-2014-9327.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9327", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9327", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2251.json b/2016/2xxx/CVE-2016-2251.json index 3359cdf38ab..8004f8cbd2b 100644 --- a/2016/2xxx/CVE-2016-2251.json +++ b/2016/2xxx/CVE-2016-2251.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2251", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2251", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2899.json b/2016/2xxx/CVE-2016-2899.json index 5ff2ac0701b..479cb549df5 100644 --- a/2016/2xxx/CVE-2016-2899.json +++ b/2016/2xxx/CVE-2016-2899.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2899", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2899", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6035.json b/2016/6xxx/CVE-2016-6035.json index bf25b15c107..e892f2d89a4 100644 --- a/2016/6xxx/CVE-2016-6035.json +++ b/2016/6xxx/CVE-2016-6035.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22002429", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22002429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22002429", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22002429" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6273.json b/2016/6xxx/CVE-2016-6273.json index 2aeba66c6dd..92214bfd7ed 100644 --- a/2016/6xxx/CVE-2016-6273.json +++ b/2016/6xxx/CVE-2016-6273.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2016-29", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-29" - }, - { - "name" : "http://support.citrix.com/article/CTX217430", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX217430" - }, - { - "name" : "93450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93450" - }, - { - "name" : "1037008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2016-29", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-29" + }, + { + "name": "1037008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037008" + }, + { + "name": "http://support.citrix.com/article/CTX217430", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX217430" + }, + { + "name": "93450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93450" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6317.json b/2016/6xxx/CVE-2016-6317.json index f4c357ef3a3..ca3427bf3c8 100644 --- a/2016/6xxx/CVE-2016-6317.json +++ b/2016/6xxx/CVE-2016-6317.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/11/4" - }, - { - "name" : "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA" - }, - { - "name" : 
"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" - }, - { - "name" : "RHSA-2016:1855", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1855.html" - }, - { - "name" : "92434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92434" + }, + { + "name": "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4" + }, + { + "name": "RHSA-2016:1855", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" + }, + { + "name": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" + }, + { + "name": "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6764.json b/2016/6xxx/CVE-2016-6764.json index cb0649a6525..8a57322ec3a 100644 --- a/2016/6xxx/CVE-2016-6764.json +++ b/2016/6xxx/CVE-2016-6764.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94688" + }, + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6871.json b/2016/6xxx/CVE-2016-6871.json index 6c78e7ae72e..9ea3ff96e65 100644 --- a/2016/6xxx/CVE-2016-6871.json +++ b/2016/6xxx/CVE-2016-6871.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160811 CVE Requests Facebook HHVM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/11/1" - }, - { - "name" : "[oss-security] 20160818 Re: CVE Requests Facebook HHVM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/19/1" - }, - { - "name" : "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475", - "refsource" : "CONFIRM", - "url" : "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in bcmath in Facebook HHVM before 3.15.0 
allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160811 CVE Requests Facebook HHVM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/11/1" + }, + { + "name": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475", + "refsource": "CONFIRM", + "url": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475" + }, + { + "name": "[oss-security] 20160818 Re: CVE Requests Facebook HHVM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18126.json b/2017/18xxx/CVE-2017-18126.json index f119d471ee6..c18d98583c5 100644 --- a/2017/18xxx/CVE-2017-18126.json +++ b/2017/18xxx/CVE-2017-18126.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original mac spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) randomized source address for cfg80211 scan, vendor scan and pno scan which may affect user privacy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Insufficiently Random Values in WLAN." 
- } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original mac spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) randomized source address for cfg80211 scan, vendor scan and pno scan which may affect user privacy." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Insufficiently Random Values in WLAN." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18265.json b/2017/18xxx/CVE-2017-18265.json index e2d3fd715c5..370fb589412 100644 --- a/2017/18xxx/CVE-2017-18265.json +++ b/2017/18xxx/CVE-2017-18265.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/875829", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/875829" - }, - { - "name" : "https://hg.prosody.im/0.9/rev/176b7f4e4ac9", - "refsource" : "MISC", - "url" : "https://hg.prosody.im/0.9/rev/176b7f4e4ac9" - }, - { - "name" : "https://hg.prosody.im/0.9/rev/adfffc5b4e2a", - "refsource" : "MISC", - "url" : "https://hg.prosody.im/0.9/rev/adfffc5b4e2a" - }, - { - "name" : "https://prosody.im/issues/issue/987", - "refsource" : "MISC", - "url" : "https://prosody.im/issues/issue/987" - }, - { - "name" : "DSA-4198", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4198", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4198" + }, + { + "name": "https://hg.prosody.im/0.9/rev/176b7f4e4ac9", + "refsource": "MISC", + "url": "https://hg.prosody.im/0.9/rev/176b7f4e4ac9" + }, + { + "name": "https://hg.prosody.im/0.9/rev/adfffc5b4e2a", + "refsource": "MISC", + "url": "https://hg.prosody.im/0.9/rev/adfffc5b4e2a" + }, + { + "name": "https://prosody.im/issues/issue/987", + "refsource": "MISC", + "url": "https://prosody.im/issues/issue/987" + }, + { + "name": "https://bugs.debian.org/875829", + "refsource": "MISC", + "url": "https://bugs.debian.org/875829" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5015.json b/2017/5xxx/CVE-2017-5015.json index 6800dd397c5..4541d455ba0 100644 --- a/2017/5xxx/CVE-2017-5015.json +++ b/2017/5xxx/CVE-2017-5015.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/673971", - "refsource" : "CONFIRM", - "url" : 
"https://crbug.com/673971" - }, - { - "name" : "DSA-3776", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3776" - }, - { - "name" : "GLSA-201701-66", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-66" - }, - { - "name" : "RHSA-2017:0206", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html" - }, - { - "name" : "95792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95792" - }, - { - "name" : "1037718", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95792" + }, + { + "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201701-66", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-66" + }, + { + "name": "RHSA-2017:0206", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html" + }, + { + "name": "https://crbug.com/673971", + "refsource": "CONFIRM", + "url": "https://crbug.com/673971" + }, + { + "name": "1037718", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037718" + }, + { + "name": "DSA-3776", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3776" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5670.json b/2017/5xxx/CVE-2017-5670.json index a5d1e461382..ca0a87d428e 100644 --- a/2017/5xxx/CVE-2017-5670.json +++ b/2017/5xxx/CVE-2017-5670.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Feb/25", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Feb/25" - }, - { - "name" : "https://supportkb.riverbed.com/support/index?page=content&id=S30065", - "refsource" : "MISC", - "url" : "https://supportkb.riverbed.com/support/index?page=content&id=S30065" - }, - { - "name" : "https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/" - }, - { - "name" : "96175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96175" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Feb/25", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Feb/25" + }, + { + "name": "https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/" + }, + { + "name": "96175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96175" + }, + { + "name": "https://supportkb.riverbed.com/support/index?page=content&id=S30065", + "refsource": "MISC", + "url": "https://supportkb.riverbed.com/support/index?page=content&id=S30065" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5702.json b/2017/5xxx/CVE-2017-5702.json index aad32b4cb3b..dc9dd069286 100644 --- a/2017/5xxx/CVE-2017-5702.json +++ b/2017/5xxx/CVE-2017-5702.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5702", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5702", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5751.json b/2017/5xxx/CVE-2017-5751.json index 95c027c4354..5db35053d1a 100644 --- a/2017/5xxx/CVE-2017-5751.json +++ b/2017/5xxx/CVE-2017-5751.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5751", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5751", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5926.json b/2017/5xxx/CVE-2017-5926.json index c66dcb9a78e..3a56c7b6e81 100644 --- a/2017/5xxx/CVE-2017-5926.json +++ b/2017/5xxx/CVE-2017-5926.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf" - }, - { - "name" : "https://www.vusec.net/projects/anc", - "refsource" : "MISC", - "url" : "https://www.vusec.net/projects/anc" - }, - { - "name" : "96457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Page table walks conducted by the MMU during virtual to physical address 
translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf", + "refsource": "MISC", + "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf" + }, + { + "name": "96457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96457" + }, + { + "name": "https://www.vusec.net/projects/anc", + "refsource": "MISC", + "url": "https://www.vusec.net/projects/anc" + } + ] + } +} \ No newline at end of file