From 7a7d563c9640bb53b20337a39f8a93ca83534290 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 07:21:19 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0105.json | 200 ++++++++++-----------
 2006/0xxx/CVE-2006-0835.json | 170 +++++++++---------
 2006/3xxx/CVE-2006-3534.json | 180 +++++++++----------
 2006/3xxx/CVE-2006-3601.json | 140 +++++++--------
 2006/3xxx/CVE-2006-3661.json | 130 +++++++-------
 2006/3xxx/CVE-2006-3750.json | 180 +++++++++----------
 2006/3xxx/CVE-2006-3788.json | 220 +++++++++++------------
 2006/4xxx/CVE-2006-4131.json | 210 +++++++++++-----------
 2006/4xxx/CVE-2006-4197.json | 320 ++++++++++++++++-----------------
 2006/4xxx/CVE-2006-4757.json | 140 +++++++--------
 2006/4xxx/CVE-2006-4943.json | 120 ++++++-------
 2010/2xxx/CVE-2010-2012.json | 160 ++++++++---------
 2010/2xxx/CVE-2010-2255.json | 160 ++++++++---------
 2010/2xxx/CVE-2010-2420.json | 150 ++++++++--------
 2010/2xxx/CVE-2010-2834.json | 130 +++++++-------
 2010/3xxx/CVE-2010-3143.json | 140 +++++++--------
 2010/3xxx/CVE-2010-3267.json | 170 +++++++++---------
 2010/3xxx/CVE-2010-3626.json | 200 ++++++++++-----------
 2010/3xxx/CVE-2010-3910.json | 160 ++++++++---------
 2011/0xxx/CVE-2011-0753.json | 150 ++++++++--------
 2011/1xxx/CVE-2011-1271.json | 140 +++++++--------
 2011/1xxx/CVE-2011-1342.json | 140 +++++++--------
 2011/1xxx/CVE-2011-1413.json | 170 +++++++++---------
 2011/5xxx/CVE-2011-5156.json | 120 ++++++-------
 2014/3xxx/CVE-2014-3540.json | 34 ++--
 2014/3xxx/CVE-2014-3597.json | 290 +++++++++++++++---------------
 2014/3xxx/CVE-2014-3801.json | 170 +++++++++---------
 2014/6xxx/CVE-2014-6108.json | 130 +++++++-------
 2014/6xxx/CVE-2014-6473.json | 150 ++++++++--------
 2014/6xxx/CVE-2014-6979.json | 140 +++++++--------
 2014/7xxx/CVE-2014-7723.json | 140 +++++++--------
 2014/8xxx/CVE-2014-8015.json | 130 +++++++-------
 2014/8xxx/CVE-2014-8053.json | 34 ++--
 2014/8xxx/CVE-2014-8082.json | 190 ++++++++++----------
 2014/8xxx/CVE-2014-8307.json | 130 +++++++-------
 2014/8xxx/CVE-2014-8990.json | 220 +++++++++++------------
 2016/2xxx/CVE-2016-2054.json | 170 +++++++++---------
 2016/2xxx/CVE-2016-2120.json | 156 ++++++++--------
 2016/2xxx/CVE-2016-2145.json | 140 +++++++--------
 2016/2xxx/CVE-2016-2370.json | 170 +++++++++---------
 2016/2xxx/CVE-2016-2402.json | 150 ++++++++--------
 2016/2xxx/CVE-2016-2513.json | 240 ++++++++++++-------------
 2017/18xxx/CVE-2017-18047.json | 140 +++++++--------
 2017/18xxx/CVE-2017-18244.json | 120 ++++++-------
 2017/18xxx/CVE-2017-18345.json | 140 +++++++--------
 2017/1xxx/CVE-2017-1880.json | 34 ++--
 2017/5xxx/CVE-2017-5233.json | 130 +++++++-------
 2017/5xxx/CVE-2017-5700.json | 132 +++++++-------
 48 files changed, 3740 insertions(+), 3740 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0105.json b/2006/0xxx/CVE-2006-0105.json
index a84c77c41bc..27ab3a0d783 100644
--- a/2006/0xxx/CVE-2006-0105.json
+++ b/2006/0xxx/CVE-2006-0105.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-0105",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-0105",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060111 PostgreSQL security releases 8.0.6 and 8.1.2",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/421592/100/0/threaded"
- },
- {
- "name" : "[pgsql-announce] 20060109 CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability",
- "refsource" : "MLIST",
- "url" : "http://archives.postgresql.org/pgsql-announce/2006-01/msg00001.php"
- },
- {
- "name" : "http://www.postgresql.org/about/news.456",
- "refsource" : "CONFIRM",
- "url" : "http://www.postgresql.org/about/news.456"
- },
- {
- "name" : "16201",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/16201"
- },
- {
- "name" : "ADV-2006-0114",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/0114"
- },
- {
- "name" : "1015482",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015482"
- },
- {
- "name" : "18419",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18419"
- },
- {
- "name" : "327",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/327"
- },
- {
- "name" : "postgresql-connection-request-dos(24049)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24049"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ADV-2006-0114",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/0114"
+ },
+ {
+ "name": "1015482",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015482"
+ },
+ {
+ "name": "18419",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18419"
+ },
+ {
+ "name": "http://www.postgresql.org/about/news.456",
+ "refsource": "CONFIRM",
+ "url": "http://www.postgresql.org/about/news.456"
+ },
+ {
+ "name": "327",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/327"
+ },
+ {
+ "name": "postgresql-connection-request-dos(24049)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24049"
+ },
+ {
+ "name": "20060111 PostgreSQL security releases 8.0.6 and 8.1.2",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/421592/100/0/threaded"
+ },
+ {
+ "name": "[pgsql-announce] 20060109 CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability",
+ "refsource": "MLIST",
+ "url": "http://archives.postgresql.org/pgsql-announce/2006-01/msg00001.php"
+ },
+ {
+ "name": "16201",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/16201"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/0xxx/CVE-2006-0835.json b/2006/0xxx/CVE-2006-0835.json
index d639f2c2fe0..76439ee9471 100644
--- a/2006/0xxx/CVE-2006-0835.json
+++ b/2006/0xxx/CVE-2006-0835.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-0835",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-0835",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060215 Web Calendar Pro - Denial of Service SQL Injection Vulnerability",
- "refsource" : "FULLDISC",
- "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0340.html"
- },
- {
- "name" : "http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt",
- "refsource" : "MISC",
- "url" : "http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt"
- },
- {
- "name" : "16789",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/16789"
- },
- {
- "name" : "ADV-2006-0700",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/0700"
- },
- {
- "name" : "18902",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18902"
- },
- {
- "name" : "webcalendarpro-dropbase-sql-injection(24729)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24729"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060215 Web Calendar Pro - Denial of Service SQL Injection Vulnerability",
+ "refsource": "FULLDISC",
+ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0340.html"
+ },
+ {
+ "name": "18902",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18902"
+ },
+ {
+ "name": "ADV-2006-0700",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/0700"
+ },
+ {
+ "name": "webcalendarpro-dropbase-sql-injection(24729)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24729"
+ },
+ {
+ "name": "http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt",
+ "refsource": "MISC",
+ "url": "http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt"
+ },
+ {
+ "name": "16789",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/16789"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3534.json b/2006/3xxx/CVE-2006-3534.json
index 1f257b7508b..e2a80f45e65 100644
--- a/2006/3xxx/CVE-2006-3534.json
+++ b/2006/3xxx/CVE-2006-3534.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3534",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing \"/content\"."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-3534",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://bugs.gentoo.org/show_bug.cgi?id=136721",
- "refsource" : "MISC",
- "url" : "http://bugs.gentoo.org/show_bug.cgi?id=136721"
- },
- {
- "name" : "http://people.ksp.sk/~goober/advisory/001-shoutcast.html",
- "refsource" : "MISC",
- "url" : "http://people.ksp.sk/~goober/advisory/001-shoutcast.html"
- },
- {
- "name" : "http://www.shoutcast.com/#news",
- "refsource" : "CONFIRM",
- "url" : "http://www.shoutcast.com/#news"
- },
- {
- "name" : "GLSA-200607-05",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200607-05.xml"
- },
- {
- "name" : "ADV-2006-2801",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/2801"
- },
- {
- "name" : "1016493",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016493"
- },
- {
- "name" : "20524",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/20524"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing \"/content\"."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://people.ksp.sk/~goober/advisory/001-shoutcast.html",
+ "refsource": "MISC",
+ "url": "http://people.ksp.sk/~goober/advisory/001-shoutcast.html"
+ },
+ {
+ "name": "1016493",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016493"
+ },
+ {
+ "name": "20524",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20524"
+ },
+ {
+ "name": "ADV-2006-2801",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/2801"
+ },
+ {
+ "name": "http://bugs.gentoo.org/show_bug.cgi?id=136721",
+ "refsource": "MISC",
+ "url": "http://bugs.gentoo.org/show_bug.cgi?id=136721"
+ },
+ {
+ "name": "http://www.shoutcast.com/#news",
+ "refsource": "CONFIRM",
+ "url": "http://www.shoutcast.com/#news"
+ },
+ {
+ "name": "GLSA-200607-05",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200607-05.xml"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3601.json b/2006/3xxx/CVE-2006-3601.json
index 10deb4e9757..d171918eb77 100644
--- a/2006/3xxx/CVE-2006-3601.json
+++ b/2006/3xxx/CVE-2006-3601.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3601",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-3601",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.zone-h.org/content/view/4770/31/",
- "refsource" : "MISC",
- "url" : "http://www.zone-h.org/content/view/4770/31/"
- },
- {
- "name" : "18522",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/18522"
- },
- {
- "name" : "1016332",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016332"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1016332",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016332"
+ },
+ {
+ "name": "18522",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/18522"
+ },
+ {
+ "name": "http://www.zone-h.org/content/view/4770/31/",
+ "refsource": "MISC",
+ "url": "http://www.zone-h.org/content/view/4770/31/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3661.json b/2006/3xxx/CVE-2006-3661.json
index 21a38a1aedd..346aea6bb3a 100644
--- a/2006/3xxx/CVE-2006-3661.json
+++ b/2006/3xxx/CVE-2006-3661.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3661",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-3661",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.virangar.org",
- "refsource" : "MISC",
- "url" : "http://www.virangar.org"
- },
- {
- "name" : "18918",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/18918"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.virangar.org",
+ "refsource": "MISC",
+ "url": "http://www.virangar.org"
+ },
+ {
+ "name": "18918",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/18918"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3750.json b/2006/3xxx/CVE-2006-3750.json
index 67290c0d9fb..57470704bfb 100644
--- a/2006/3xxx/CVE-2006-3750.json
+++ b/2006/3xxx/CVE-2006-3750.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3750",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-3750",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html"
- },
- {
- "name" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt",
- "refsource" : "MISC",
- "url" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt"
- },
- {
- "name" : "2026",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/2026"
- },
- {
- "name" : "ADV-2006-2802",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/2802"
- },
- {
- "name" : "21053",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21053"
- },
- {
- "name" : "1249",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1249"
- },
- {
- "name" : "hashcash-server-file-include(27720)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27720"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html"
+ },
+ {
+ "name": "ADV-2006-2802",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/2802"
+ },
+ {
+ "name": "hashcash-server-file-include(27720)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27720"
+ },
+ {
+ "name": "2026",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/2026"
+ },
+ {
+ "name": "1249",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1249"
+ },
+ {
+ "name": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt",
+ "refsource": "MISC",
+ "url": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt"
+ },
+ {
+ "name": "21053",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21053"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3788.json b/2006/3xxx/CVE-2006-3788.json
index a2710ba0eee..1fe27ff818e 100644
--- a/2006/3xxx/CVE-2006-3788.json
+++ b/2006/3xxx/CVE-2006-3788.json
@@ -1,112 +1,112 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3788",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-3788",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060716 Multiple vulnerabilities in UFO2000 svn 1057",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/440293/100/0/threaded"
- },
- {
- "name" : "http://aluigi.altervista.org/adv/ufo2ko-adv.txt",
- "refsource" : "MISC",
- "url" : "http://aluigi.altervista.org/adv/ufo2ko-adv.txt"
- },
- {
- "name" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log",
- "refsource" : "CONFIRM",
- "url" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log"
- },
- {
- "name" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log",
- "refsource" : "CONFIRM",
- "url" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log"
- },
- {
- "name" : "GLSA-200702-10",
- "refsource" : "GENTOO",
- "url" : "http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml"
- },
- {
- "name" : "ADV-2006-2837",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/2837"
- },
- {
- "name" : "1016503",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016503"
- },
- {
- "name" : "21091",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21091"
- },
- {
- "name" : "24297",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/24297"
- },
- {
- "name" : "1259",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1259"
- },
- {
- "name" : "ufo2000-recvaddunit-bo(27798)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27798"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1016503",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016503"
+ },
+ {
+ "name": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log",
+ "refsource": "CONFIRM",
+ "url": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log"
+ },
+ {
+ "name": "20060716 Multiple vulnerabilities in UFO2000 svn 1057",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/440293/100/0/threaded"
+ },
+ {
+ "name": "1259",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1259"
+ },
+ {
+ "name": "24297",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/24297"
+ },
+ {
+ "name": "21091",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21091"
+ },
+ {
+ "name": "GLSA-200702-10",
+ "refsource": "GENTOO",
+ "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml"
+ },
+ {
+ "name": "ADV-2006-2837",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/2837"
+ },
+ {
+ "name": "http://aluigi.altervista.org/adv/ufo2ko-adv.txt",
+ "refsource": "MISC",
+ "url": "http://aluigi.altervista.org/adv/ufo2ko-adv.txt"
+ },
+ {
+ "name": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log",
+ "refsource": "CONFIRM",
+ "url": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log"
+ },
+ {
+ "name": "ufo2000-recvaddunit-bo(27798)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27798"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/4xxx/CVE-2006-4131.json b/2006/4xxx/CVE-2006-4131.json
index c957fe9ca54..f4b81418b1c 100644
--- a/2006/4xxx/CVE-2006-4131.json
+++ b/2006/4xxx/CVE-2006-4131.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060810 PocketPC MMS - Remote Code Injection/Execution Vulnerability andDenial-of-Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442841/100/0/threaded" - }, - { - "name" : "20060809 PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.html" - }, - { - "name" : "http://www.arcsoft.com/support/downloads/download_patches/mms.asp", - "refsource" : "MISC", - "url" : 
"http://www.arcsoft.com/support/downloads/download_patches/mms.asp" - }, - { - "name" : "2156", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2156" - }, - { - "name" : "http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf", - "refsource" : "MISC", - "url" : "http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf" - }, - { - "name" : "19451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19451" - }, - { - "name" : "ADV-2006-3261", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3261" - }, - { - "name" : "21426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21426" - }, - { - "name" : "1387", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1387" - }, - { - "name" : "mmscomposer-message-bo(28342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19451" + }, + { + "name": "1387", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1387" + }, + { + "name": "2156", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2156" + }, + { + "name": "20060810 PocketPC MMS - Remote Code Injection/Execution Vulnerability andDenial-of-Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442841/100/0/threaded" + }, + { + "name": "http://www.arcsoft.com/support/downloads/download_patches/mms.asp", + "refsource": "MISC", + "url": "http://www.arcsoft.com/support/downloads/download_patches/mms.asp" + }, + { + "name": "20060809 PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.html" + }, + { + "name": "mmscomposer-message-bo(28342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28342" + }, + { + "name": "ADV-2006-3261", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3261" + }, + { + "name": "http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf", + "refsource": "MISC", + "url": "http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf" + }, + { + "name": "21426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21426" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4197.json b/2006/4xxx/CVE-2006-4197.json index dd5f03e8564..1d777af59bf 100644 --- a/2006/4xxx/CVE-2006-4197.json +++ b/2006/4xxx/CVE-2006-4197.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443205/100/0/threaded" - }, - { - "name" : "20060830 rPSA-2006-0161-1 libmusicbrainz", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444843/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/brainzbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/brainzbof-adv.txt" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-610", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-610" - }, - { - "name" : "DSA-1162", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1162" - }, - { - "name" : "GLSA-200610-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-09.xml" - }, - { - "name" : "MDKSA-2006:157", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:157" - }, - { - "name" : "SUSE-SR:2006:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_25_sr.html" - }, - { - "name" : "USN-363-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-363-1" - }, - { - "name" : "19508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19508" - }, - { - "name" : "1016691", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016691" - }, - { - "name" : "21404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21404" - }, - { - "name" : "21668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21668" - }, - { - "name" : "21699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21699" - }, - { - "name" : "22191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22191" - }, - { - "name" : "22393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22393" - }, - { - "name" : "22517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22517" - }, - { - "name" : "22639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22639" - }, - { - "name" : "1399", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1399" - }, - { - "name" : "libmusicbrainz-mbhttpdownload-bo(28367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28367" - }, - { - "name" : "libmusicbrainz-rdfparse-bo(28368)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1162", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1162" + }, + { + "name": "22393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22393" + }, + { + "name": "22191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22191" + }, + { + "name": "libmusicbrainz-mbhttpdownload-bo(28367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28367" + }, + { + "name": "22639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22639" + }, + { + "name": "21404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21404" + }, + { + "name": "https://issues.rpath.com/browse/RPL-610", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-610" + }, + { + "name": "USN-363-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-363-1" + }, + { + "name": "19508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19508" + }, + { + "name": "GLSA-200610-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-09.xml" + }, + { + "name": "22517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22517" + }, + { + "name": "SUSE-SR:2006:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" + }, + { + "name": "http://aluigi.altervista.org/adv/brainzbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/brainzbof-adv.txt" + }, + { + "name": "21699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21699" + }, + { + "name": "20060830 rPSA-2006-0161-1 libmusicbrainz", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444843/100/0/threaded" + }, + { + "name": 
"libmusicbrainz-rdfparse-bo(28368)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28368" + }, + { + "name": "21668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21668" + }, + { + "name": "20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443205/100/0/threaded" + }, + { + "name": "1016691", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016691" + }, + { + "name": "MDKSA-2006:157", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:157" + }, + { + "name": "1399", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1399" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4757.json b/2006/4xxx/CVE-2006-4757.json index 0c709c48947..f9777b11f45 100644 --- a/2006/4xxx/CVE-2006-4757.json +++ b/2006/4xxx/CVE-2006-4757.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that \"If your admins are injecting you, you might want to reconsider their access.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060901 Sql injections in e107 [Admin section]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445005/100/100/threaded" - }, - { - "name" : "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show", - "refsource" : "MISC", - "url" : "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show" - }, - { - "name" : "1569", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that \"If your admins are injecting you, you might want to reconsider their access.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1569", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1569" + }, + { + "name": "20060901 Sql injections in e107 [Admin section]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445005/100/100/threaded" + }, + { + "name": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show", + "refsource": "MISC", + "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4943.json b/2006/4xxx/CVE-2006-4943.json index a0b4c8c5d37..9ef1c604438 100644 --- a/2006/4xxx/CVE-2006-4943.json +++ b/2006/4xxx/CVE-2006-4943.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2012.json b/2010/2xxx/CVE-2010-2012.json index 56f99f74edb..fc3444a5735 100644 --- a/2010/2xxx/CVE-2010-2012.json +++ b/2010/2xxx/CVE-2010-2012.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/migascms-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/migascms-sql.txt" - }, - { - "name" : "http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm", - "refsource" : "MISC", - "url" : "http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm" - }, - { - "name" : "40256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40256" - }, - { - "name" : "64732", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64732" - }, - { - "name" : "39878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39878" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1005-exploits/migascms-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/migascms-sql.txt" + }, + { + "name": "40256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40256" + }, + { + "name": "64732", + "refsource": "OSVDB", + "url": "http://osvdb.org/64732" + }, + { + "name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm", + "refsource": "MISC", + "url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm" + }, + { + "name": "39878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39878" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2255.json b/2010/2xxx/CVE-2010-2255.json index 67c50598a56..5c9dada23f9 100644 --- a/2010/2xxx/CVE-2010-2255.json +++ b/2010/2xxx/CVE-2010-2255.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt" - }, - { - "name" : "http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0", - "refsource" : "CONFIRM", - "url" : "http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0" - }, - { - "name" : "37585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37585" - }, - { - "name" : "61456", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/61456" - }, - { - "name" : "37868", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37585" + }, + { + "name": "61456", + "refsource": "OSVDB", + "url": "http://osvdb.org/61456" + }, + { + "name": "37868", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37868" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt" + }, + { + "name": "http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0", + "refsource": "CONFIRM", + "url": "http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2420.json b/2010/2xxx/CVE-2010-2420.json index e8d7cb0da02..7dd5662e1c5 100644 --- a/2010/2xxx/CVE-2010-2420.json +++ b/2010/2xxx/CVE-2010-2420.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html", - "refsource" : "CONFIRM", - "url" : "http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html" - }, - { - "name" : "JVN#67120749", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN67120749/index.html" - }, - { - "name" : "JVNDB-2010-000025", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000025.html" - }, - { - "name" : "activegeckobrowser-unspec-code-execution(59493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#67120749", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN67120749/index.html" + }, + { + "name": "JVNDB-2010-000025", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000025.html" + }, + { + "name": "activegeckobrowser-unspec-code-execution(59493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59493" + }, + { + "name": "http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html", + "refsource": "CONFIRM", + "url": "http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2834.json b/2010/2xxx/CVE-2010-2834.json index 4760befa777..3a28baaeb36 100644 --- a/2010/2xxx/CVE-2010-2834.json +++ b/2010/2xxx/CVE-2010-2834.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml" - }, - { - "name" : "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml" + }, + { + "name": "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3143.json b/2010/3xxx/CVE-2010-3143.json index 469c5145873..4fa0b5f65f8 100644 --- a/2010/3xxx/CVE-2010-3143.json +++ b/2010/3xxx/CVE-2010-3143.json 
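Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2010-2834 changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, which is a change of record provenance rather than formatting, and the commit subject ("-Synchronized-Data.") does not mention it. The other hunks visible here appear to only rewrite key spacing and reorder `reference_data`, so this edit is easy to miss when auditing the history of the record. I would put content changes like this in a separate commit or name them in the message, e.g. `CVE-2010-2834: set ASSIGNER to psirt@cisco.com`. The `vendor_name` and `product_name` fields stay `n/a` on the new side, so tooling that matches on `affects` will still not associate this record with the Cisco products named in the description.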
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14778", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14778/" - }, - { - "name" : "oval:org.mitre.oval:def:7224", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7224" - }, - { - "name" : "ms-win-dll-code-exec(64446)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7224", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7224" + }, + { + "name": "14778", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14778/" + }, + { + "name": "ms-win-dll-code-exec(64446)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64446" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3267.json b/2010/3xxx/CVE-2010-3267.json index 6a7c1576eb6..8b708d3b65c 100644 --- a/2010/3xxx/CVE-2010-3267.json +++ b/2010/3xxx/CVE-2010-3267.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101130 CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514957/100/0/threaded" - }, - { - "name" : "15653", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15653" - }, - { - "name" : "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker" - }, - { - "name" : 
"http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup", - "refsource" : "CONFIRM", - "url" : "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup" - }, - { - "name" : "45121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45121" - }, - { - "name" : "42418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup", + "refsource": "CONFIRM", + "url": "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup" + }, + { + "name": "15653", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15653" + }, + { + "name": "20101130 CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514957/100/0/threaded" + }, + { + "name": "45121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45121" + }, + { + "name": "42418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42418" + }, + { + "name": "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3626.json b/2010/3xxx/CVE-2010-3626.json index 8bb4699c4e1..fa112e3295d 100644 --- a/2010/3xxx/CVE-2010-3626.json +++ b/2010/3xxx/CVE-2010-3626.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7382", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7382" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "oval:org.mitre.oval:def:7382", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7382" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3910.json b/2010/3xxx/CVE-2010-3910.json index b32175307a9..a3bb6c8fb1c 100644 --- a/2010/3xxx/CVE-2010-3910.json +++ b/2010/3xxx/CVE-2010-3910.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101116 Vtiger CRM 5.2.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514846/100/0/threaded" - }, - { - "name" : "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/", - "refsource" : "MISC", - "url" : "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/" - }, - { - "name" : "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes", - "refsource" : "MISC", - "url" : "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes" - }, - { - "name" : 
"http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt" - }, - { - "name" : "42246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt" + }, + { + "name": "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/", + "refsource": "MISC", + "url": "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/" + }, + { + "name": "42246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42246" + }, + { + "name": "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes", + "refsource": "MISC", + "url": "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes" + }, + { + "name": "20101116 Vtiger CRM 5.2.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514846/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0753.json b/2011/0xxx/CVE-2011-0753.json index 3108539dbb2..76505ce9e2d 100644 --- a/2011/0xxx/CVE-2011-0753.json 
+++ b/2011/0xxx/CVE-2011-0753.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.php.net/52784", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/52784" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "oval:org.mitre.oval:def:12271", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271" - }, - { - "name" : "php-pcntl-dos(65431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.php.net/52784", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/52784" + }, + { + "name": "php-pcntl-dos(65431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65431" + }, + { + "name": "oval:org.mitre.oval:def:12271", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1271.json b/2011/1xxx/CVE-2011-1271.json index 8b097b07f74..1235e447119 100644 --- a/2011/1xxx/CVE-2011-1271.json +++ b/2011/1xxx/CVE-2011-1271.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework JIT Optimization Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/", - "refsource" : "MISC", - "url" : "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/" - }, - { - "name" : "MS11-044", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044" - }, - { - "name" : "oval:org.mitre.oval:def:12686", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework JIT Optimization Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12686", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686" + }, + { + "name": "MS11-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044" + }, + { + "name": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/", + "refsource": "MISC", + "url": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1342.json b/2011/1xxx/CVE-2011-1342.json index b7505593bac..5c3e17b69df 100644 --- a/2011/1xxx/CVE-2011-1342.json +++ b/2011/1xxx/CVE-2011-1342.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN31506102/91216/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN31506102/91216/index.html" - }, - { - "name" : "JVN#31506102", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN31506102/index.html" - }, - { - "name" : "JVNDB-2011-000063", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2011-000063", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000063" + }, + { + "name": "JVN#31506102", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN31506102/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN31506102/91216/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN31506102/91216/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1413.json b/2011/1xxx/CVE-2011-1413.json index f7588b72c24..9ce29b73490 100644 --- a/2011/1xxx/CVE-2011-1413.json +++ b/2011/1xxx/CVE-2011-1413.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=49747", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=49747" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:13922", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13922" - }, - { - "name" : "ADV-2011-0628", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "google-messages-dos(65949)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-messages-dos(65949)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65949" + }, + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "oval:org.mitre.oval:def:13922", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13922" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=49747", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=49747" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5156.json b/2011/5xxx/CVE-2011-5156.json index 67a742915ba..ba9e1580db6 100644 --- a/2011/5xxx/CVE-2011-5156.json +++ b/2011/5xxx/CVE-2011-5156.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45153" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3540.json b/2014/3xxx/CVE-2014-3540.json index 838c226d08b..669724d437c 100644 --- a/2014/3xxx/CVE-2014-3540.json +++ b/2014/3xxx/CVE-2014-3540.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3540", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3540", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file 
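Review bot: In CVE-2014-3540.json the new side emits the top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta`, and puts `ID` before `ASSIGNER` inside `CVE_data_meta`. The other records visible in this part of the commit keep `CVE_data_meta` first, with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two orderings in one sync suggest the records came from different serializers, which would keep producing whole-file diffs like this one. I would emit this record in the same order as its siblings, starting with `"CVE_data_meta": {` and `"ASSIGNER": "cve@mitre.org",`.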
diff --git a/2014/3xxx/CVE-2014-3597.json b/2014/3xxx/CVE-2014-3597.json index dcbf0499730..1d9a363ae28 100644 --- a/2014/3xxx/CVE-2014-3597.json +++ b/2014/3xxx/CVE-2014-3597.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=67717", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=67717" - }, - { - "name" : "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05" - }, - { - "name" : 
"https://security-tracker.debian.org/tracker/CVE-2014-3597", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3597" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "DSA-3008", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3008" - }, - { - "name" : "RHSA-2014:1326", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1326.html" - }, - { - "name" : "RHSA-2014:1327", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1327.html" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "RHSA-2014:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" - }, - { - "name" : "openSUSE-SU-2014:1133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2014:1245", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html" - }, - { - "name" : "USN-2344-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2344-1" - }, - { - "name" : "69322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69322" - }, - { - "name" : "60609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60609" - }, - { - "name" : "60696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60696" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "RHSA-2014:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" + }, + { + "name": "60609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60609" + }, + { + "name": "USN-2344-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2344-1" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "openSUSE-SU-2014:1245", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html" + }, + { + "name": "https://bugs.php.net/bug.php?id=67717", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=67717" + }, + { + "name": "RHSA-2014:1326", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "69322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69322" + }, + { + "name": "DSA-3008", + 
"refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3008" + }, + { + "name": "RHSA-2014:1327", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2014-3597", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2014-3597" + }, + { + "name": "60696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60696" + }, + { + "name": "openSUSE-SU-2014:1133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3801.json b/2014/3xxx/CVE-2014-3801.json index 6ba9e853fc6..6fb060be95b 100644 --- a/2014/3xxx/CVE-2014-3801.json +++ b/2014/3xxx/CVE-2014-3801.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140520 CVE request for vulnerability in OpenStack Heat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/20/1" - }, - { - "name" : "[oss-security] 20140520 Re: CVE request for vulnerability in OpenStack Heat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/20/6" - }, - { - "name" : "https://bugs.launchpad.net/heat/+bug/1311223", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/heat/+bug/1311223" - }, - { - "name" : "RHSA-2014:1687", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1687.html" - }, - { - "name" : "USN-2249-1", - "refsource" : 
"UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2249-1" - }, - { - "name" : "67505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67505" + }, + { + "name": "USN-2249-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2249-1" + }, + { + "name": "[oss-security] 20140520 CVE request for vulnerability in OpenStack Heat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/20/1" + }, + { + "name": "[oss-security] 20140520 Re: CVE request for vulnerability in OpenStack Heat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/20/6" + }, + { + "name": "https://bugs.launchpad.net/heat/+bug/1311223", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/heat/+bug/1311223" + }, + { + "name": "RHSA-2014:1687", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1687.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6108.json b/2014/6xxx/CVE-2014-6108.json index 0445d0165d6..bfca2999ca8 100644 --- a/2014/6xxx/CVE-2014-6108.json +++ b/2014/6xxx/CVE-2014-6108.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020" - }, - { - "name" : "ibm-sim-cve20146108-info-disc(96172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 
6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020" + }, + { + "name": "ibm-sim-cve20146108-info-disc(96172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6473.json b/2014/6xxx/CVE-2014-6473.json index 27d4cf75fe6..90b823c197e 100644 --- a/2014/6xxx/CVE-2014-6473.json +++ b/2014/6xxx/CVE-2014-6473.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70546" - }, - { - "name" : "1031032", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031032" - }, - { - "name" : "61593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 
allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "1031032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031032" + }, + { + "name": "61593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61593" + }, + { + "name": "70546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70546" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6979.json b/2014/6xxx/CVE-2014-6979.json index 1dfa0500a48..bc60c065799 100644 --- a/2014/6xxx/CVE-2014-6979.json +++ b/2014/6xxx/CVE-2014-6979.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#714145", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/714145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MiWay Insurance Ltd (aka com.MiWay.MD) 
application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#714145", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/714145" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7723.json b/2014/7xxx/CVE-2014-7723.json index de33ee281f9..dd8b40f3a83 100644 --- a/2014/7xxx/CVE-2014-7723.json +++ b/2014/7xxx/CVE-2014-7723.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#727609", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/727609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Carnegie Mellon Silicon Valley 
(aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#727609", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/727609" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8015.json b/2014/8xxx/CVE-2014-8015.json index 5f9e1a690a5..8dfd1c78b85 100644 --- a/2014/8xxx/CVE-2014-8015.json +++ b/2014/8xxx/CVE-2014-8015.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141222 Cisco Identity Services Engine Portal Privilege Elevation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015" - }, - { - "name" : "1031423", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141222 Cisco Identity Services Engine Portal Privilege Elevation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015" + }, + { + "name": "1031423", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031423" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8053.json b/2014/8xxx/CVE-2014-8053.json index 284bd2fffd4..146e5c3e493 100644 --- a/2014/8xxx/CVE-2014-8053.json +++ b/2014/8xxx/CVE-2014-8053.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8053", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8053", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8082.json b/2014/8xxx/CVE-2014-8082.json index e67ebe714d8..63d8c40abb5 100644 --- a/2014/8xxx/CVE-2014-8082.json +++ b/2014/8xxx/CVE-2014-8082.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533799/100/0/threaded" - }, - { - "name" : "20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/106" - }, - { - "name" : "http://karmainsecurity.com/KIS-2014-12", - "refsource" : "MISC", - "url" : "http://karmainsecurity.com/KIS-2014-12" - }, - { - "name" : "http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html" - }, - { - "name" : "http://mantis.testlink.org/view.php?id=6651", - "refsource" : "CONFIRM", - "url" : "http://mantis.testlink.org/view.php?id=6651" - }, - { - "name" : "https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569" - }, - { - "name" : "70713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70713" - }, - { - "name" : "testlink-cve20148082-path-disclosure(97728)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/106" + }, + { + "name": "http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html" + }, + { + "name": "http://karmainsecurity.com/KIS-2014-12", + "refsource": "MISC", + "url": "http://karmainsecurity.com/KIS-2014-12" + }, + { + "name": "20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533799/100/0/threaded" + }, + { + "name": "http://mantis.testlink.org/view.php?id=6651", + "refsource": "CONFIRM", + "url": "http://mantis.testlink.org/view.php?id=6651" + }, + { + "name": "testlink-cve20148082-path-disclosure(97728)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97728" + }, + { + "name": "70713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70713" + }, + { + "name": "https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569", + "refsource": "CONFIRM", + "url": "https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8307.json b/2014/8xxx/CVE-2014-8307.json index 66ef5961bdd..a6f5293c740 100644 --- a/2014/8xxx/CVE-2014-8307.json +++ b/2014/8xxx/CVE-2014-8307.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the \"drop down TOP menu (with path)\" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140916 [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/55" - }, - { - "name" : "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect", - "refsource" : "MISC", - "url" : "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the \"drop down TOP menu (with path)\" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect", + "refsource": "MISC", + "url": "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect" + }, + { + "name": "20140916 [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/55" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8990.json b/2014/8xxx/CVE-2014-8990.json index 1e1c2a52543..3379a024de1 100644 --- a/2014/8xxx/CVE-2014-8990.json +++ b/2014/8xxx/CVE-2014-8990.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141119 CVE request: lsyncd command injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/19/1" - }, - { - "name" : "[oss-security] 20141120 Re: CVE request: lsyncd command injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/20/5" - }, - { - "name" : "https://github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52", - "refsource" : "CONFIRM", - "url" : "https://github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52" - }, - { - "name" : "https://github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4" - }, - { - "name" : "https://github.com/axkibe/lsyncd/issues/220", - "refsource" : "CONFIRM", - "url" : "https://github.com/axkibe/lsyncd/issues/220" - }, - { - "name" : "DSA-3130", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3130" - }, - { - "name" : "FEDORA-2014-15373", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145131.html" - }, - { - "name" : "FEDORA-2014-15393", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145114.html" - }, - { - "name" : "GLSA-201702-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-05" - }, - { - "name" : "71179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71179" - }, - { - "name" : "62321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62321" + }, + { + "name": "FEDORA-2014-15373", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145131.html" + }, + { + "name": "[oss-security] 20141119 CVE request: lsyncd command injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/19/1" + }, + { + "name": "https://github.com/axkibe/lsyncd/issues/220", + "refsource": "CONFIRM", + "url": "https://github.com/axkibe/lsyncd/issues/220" + }, + { + "name": "71179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71179" + }, + { + "name": "https://github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4", + "refsource": "CONFIRM", + "url": "https://github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4" + }, + { + "name": "FEDORA-2014-15393", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145114.html" + }, + { + "name": "DSA-3130", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3130" + }, + { + "name": "https://github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52", + "refsource": "CONFIRM", + "url": "https://github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52" + }, + { + "name": "[oss-security] 20141120 Re: CVE request: lsyncd command injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/20/5" + }, + { + "name": "GLSA-201702-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-05" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2054.json b/2016/2xxx/CVE-2016-2054.json index 2f94d272fad..2525b356d63 100644 --- a/2016/2xxx/CVE-2016-2054.json +++ b/2016/2xxx/CVE-2016-2054.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a \"config\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160214 Xymon: Critical security issues in all versions prior to 4.3.25", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537522/100/0/threaded" - }, - { - "name" : "[Xymon] 20160208 Xymon 4.3.25 - Important Security Update", - "refsource" : "MLIST", - "url" : "http://lists.xymon.com/archive/2016-February/042986.html" - }, - { - "name" : "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html" - }, - { - "name" : 
"https://sourceforge.net/p/xymon/code/7859/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/xymon/code/7859/" - }, - { - "name" : "https://sourceforge.net/p/xymon/code/7860/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/xymon/code/7860/" - }, - { - "name" : "DSA-3495", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a \"config\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/xymon/code/7859/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/xymon/code/7859/" + }, + { + "name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded" + }, + { + "name": "DSA-3495", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3495" + }, + { + "name": "[Xymon] 20160208 Xymon 4.3.25 - Important Security Update", + "refsource": "MLIST", + "url": "http://lists.xymon.com/archive/2016-February/042986.html" + }, + { + "name": "https://sourceforge.net/p/xymon/code/7860/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/xymon/code/7860/" + }, + { + "name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html", + "refsource": "MISC", + "url": 
"http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2120.json b/2016/2xxx/CVE-2016-2120.json index 0d1c27d5d8c..605da35f2fc 100644 --- a/2016/2xxx/CVE-2016-2120.json +++ b/2016/2xxx/CVE-2016-2120.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2016-2120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pdns", - "version" : { - "version_data" : [ - { - "version_value" : "up to and including 3.4.10" - }, - { - "version_value" : "up to and including 4.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary." 
- } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-190" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pdns", + "version": { + "version_data": [ + { + "version_value": "up to and including 3.4.10" + }, + { + "version_value": "up to and including 4.0.1" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120" - }, - { - "name" : "DSA-3764", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3764", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3764" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2145.json b/2016/2xxx/CVE-2016-2145.json index 9b5fcb19f76..4814c5fd1a6 100644 --- a/2016/2xxx/CVE-2016-2145.json +++ b/2016/2xxx/CVE-2016-2145.json 
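Review bot: The `vectorString` under `impact.cvss` in the rewritten CVE-2016-2120 record is carried over as `7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`, with the base score glued in front of the vector, so it is not a well-formed CVSS v3.0 vector (those begin with `CVSS:3.0/`). Tooling that validates or parses the vector to derive severity is likely to reject it or lose the score, which can leave this record unscored in downstream triage. Since the file is being rewritten anyway, split the two: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"` with the score in its own field, e.g. `"baseScore": 7.5`. The `cvss` value is also a doubly nested array (`[ [ { … } ] ]`), which consumers expecting an object or a flat list would have to special-case; it is worth confirming that shape is intended.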
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[modmellon] 20160309 security update: mod_auth_mellon version 0.11.1", - "refsource" : "MLIST", - "url" : "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html" - }, - { - "name" : "https://github.com/UNINETT/mod_auth_mellon/pull/71", - "refsource" : "CONFIRM", - "url" : "https://github.com/UNINETT/mod_auth_mellon/pull/71" - }, - { - "name" : "FEDORA-2016-5cf6959198", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[modmellon] 20160309 security update: mod_auth_mellon version 0.11.1", + "refsource": "MLIST", + "url": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html" + }, + { + "name": "https://github.com/UNINETT/mod_auth_mellon/pull/71", + "refsource": "CONFIRM", + "url": "https://github.com/UNINETT/mod_auth_mellon/pull/71" + }, + { + "name": "FEDORA-2016-5cf6959198", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2370.json b/2016/2xxx/CVE-2016-2370.json index bd62063886b..75a07861771 100644 --- a/2016/2xxx/CVE-2016-2370.json +++ b/2016/2xxx/CVE-2016-2370.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-2370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pidgin", - "version" : { - "version_data" : [ - { - "version_value" : "2.10.11" - } - ] - } - } - ] - }, - "vendor_name" : "Pidgin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pidgin", + "version": { + "version_data": [ + { + "version_value": "2.10.11" + } + ] + } + } + ] + }, + "vendor_name": "Pidgin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0138/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0138/" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=103", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=103" - }, - { - "name" : "DSA-3620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3620" - }, - { - "name" : "GLSA-201701-38", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-38" - }, - { - "name" : "USN-3031-1", - "refsource" : "UBUNTU", - 
"url" : "http://www.ubuntu.com/usn/USN-3031-1" - }, - { - "name" : "91335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91335" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0138/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/" + }, + { + "name": "DSA-3620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3620" + }, + { + "name": "http://www.pidgin.im/news/security/?id=103", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=103" + }, + { + "name": "GLSA-201701-38", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-38" + }, + { + "name": "USN-3031-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3031-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2402.json b/2016/2xxx/CVE-2016-2402.json index 0c73e4b3b1b..e5ca054c34f 100644 --- a/2016/2xxx/CVE-2016-2402.json +++ b/2016/2xxx/CVE-2016-2402.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160210 CVE request - OkHttp Certificate Pining Bypass", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/10/8" - }, - { - "name" : "[oss-security] 20160217 Re: CVE request - OkHttp Certificate Pining Bypass", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/18/7" - }, - { - "name" : "https://koz.io/pinning-cve-2016-2402/", - "refsource" : "MISC", - "url" : "https://koz.io/pinning-cve-2016-2402/" - }, - { - "name" : "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/", - "refsource" : "CONFIRM", - "url" : "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://koz.io/pinning-cve-2016-2402/", + "refsource": "MISC", + "url": "https://koz.io/pinning-cve-2016-2402/" + }, + { + "name": "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/", + "refsource": "CONFIRM", + "url": "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/" + }, + { + "name": "[oss-security] 20160210 CVE request - OkHttp Certificate Pining Bypass", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/10/8" + }, + { + "name": "[oss-security] 20160217 Re: CVE request - OkHttp Certificate Pining Bypass", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/18/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2513.json b/2016/2xxx/CVE-2016-2513.json index da843f21563..40ee937f767 100644 --- a/2016/2xxx/CVE-2016-2513.json +++ b/2016/2xxx/CVE-2016-2513.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab", - "refsource" : "CONFIRM", - "url" : "https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab" - }, - { - "name" : "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3544", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3544" - }, - 
{ - "name" : "RHSA-2016:0504", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0504.html" - }, - { - "name" : "RHSA-2016:0502", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0502.html" - }, - { - "name" : "RHSA-2016:0505", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0505.html" - }, - { - "name" : "RHSA-2016:0506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0506.html" - }, - { - "name" : "USN-2915-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2915-1" - }, - { - "name" : "USN-2915-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2915-2" - }, - { - "name" : "USN-2915-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2915-3" - }, - { - "name" : "83878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83878" - }, - { - "name" : "1035152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0506.html" + }, + { + "name": "https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab", + "refsource": "CONFIRM", + "url": "https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab" + }, + { + "name": "1035152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035152" + }, + { + "name": "RHSA-2016:0504", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0504.html" + }, + { + "name": "DSA-3544", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3544" + }, + { + "name": "RHSA-2016:0502", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0502.html" + }, + { + "name": "USN-2915-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2915-3" + }, + { + "name": "83878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83878" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2915-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2915-2" + }, + { + "name": "RHSA-2016:0505", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0505.html" + }, + { + "name": "USN-2915-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2915-1" + }, + { + "name": "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/18xxx/CVE-2017-18047.json b/2017/18xxx/CVE-2017-18047.json index d98eb371c52..29ca8f2eeff 100644 --- a/2017/18xxx/CVE-2017-18047.json +++ b/2017/18xxx/CVE-2017-18047.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42011", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42011/" - }, - { - "name" : "43236", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43236/" - }, - { - "name" : "43518", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43518/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43236", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43236/" + }, + { + "name": "43518", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43518/" + }, + { + "name": "42011", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42011/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18244.json b/2017/18xxx/CVE-2017-18244.json index 609421a0259..1cdc2789980 100644 --- a/2017/18xxx/CVE-2017-18244.json +++ b/2017/18xxx/CVE-2017-18244.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1105", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1105", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1105" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18345.json b/2017/18xxx/CVE-2017-18345.json index 379c3e2b84c..2a6177dc9af 100644 --- a/2017/18xxx/CVE-2017-18345.json +++ b/2017/18xxx/CVE-2017-18345.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44252", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44252" - }, - { - "name" : "https://cxsecurity.com/issue/WLB-2018030054", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018030054" - }, - { - "name" : "https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other", - "refsource" : "MISC", - "url" : "https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Joomanager component through 2.0.0 for Joomla! 
has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other", + "refsource": "MISC", + "url": "https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other" + }, + { + "name": "44252", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44252" + }, + { + "name": "https://cxsecurity.com/issue/WLB-2018030054", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018030054" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1880.json b/2017/1xxx/CVE-2017-1880.json index f4fcd9556a7..2e64af4a2c5 100644 --- a/2017/1xxx/CVE-2017-1880.json +++ b/2017/1xxx/CVE-2017-1880.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1880", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1880", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/5xxx/CVE-2017-5233.json b/2017/5xxx/CVE-2017-5233.json
index 4647536cbd7..7647c387fa8 100644
--- a/2017/5xxx/CVE-2017-5233.json
+++ b/2017/5xxx/CVE-2017-5233.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AppSpider Pro", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 6.14.053" - } - ] - } - } - ] - }, - "vendor_name" : "Rapid7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DLL Preloading" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AppSpider Pro", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 6.14.053" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", - "refsource" : "CONFIRM", - "url" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" - }, - { - "name" : "96957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rapid7 AppSpider Pro installers prior to 
version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Preloading" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", + "refsource": "CONFIRM", + "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" + }, + { + "name": "96957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96957" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5700.json b/2017/5xxx/CVE-2017-5700.json index 9b3c36f105d..d814afed940 100644 --- a/2017/5xxx/CVE-2017-5700.json +++ b/2017/5xxx/CVE-2017-5700.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-10-06T00:00:00", - "ID" : "CVE-2017-5700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NUC Kits", - "version" : { - "version_data" : [ - { - "version_value" : "BN0049 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-10-06T00:00:00", + "ID": "CVE-2017-5700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NUC Kits", + "version": { + "version_data": [ + { + "version_value": "BN0049 and below" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr" - }, - { - "name" : "101241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient 
protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr" + }, + { + "name": "101241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101241" + } + ] + } +} \ No newline at end of file