diff --git a/2006/0xxx/CVE-2006-0051.json b/2006/0xxx/CVE-2006-0051.json index 7e935a29b4f..78882372434 100644 --- a/2006/0xxx/CVE-2006-0051.json +++ b/2006/0xxx/CVE-2006-0051.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is \"fetching remote playlists\", which triggers the overflow in the http_peek function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430319/100/0/threaded" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20060404-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20060404-1.txt" - }, - { - "name" : "DSA-1023", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1023" - }, - { - "name" : "GLSA-200604-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml" - }, - { - "name" : "MDKSA-2006:065", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:065" - }, - { - "name" : "SUSE-SR:2006:008", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_08_sr.html" - }, - { - "name" : "USN-268-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/268-1/" - }, - { - "name" : "17372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17372" - }, - { - "name" : "ADV-2006-1229", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1229" - }, - { - "name" : "1015863", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015863" - }, - { - "name" : "19525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19525" - }, - { - "name" : "19540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19540" - }, - { - "name" : "19542", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19542" - }, - { - "name" : "19549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19549" - }, - { - "name" : "19557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19557" - }, - { - "name" : "19571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19571" - }, - { - "name" : "kaffeine-http-peek-bo(25631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is \"fetching remote playlists\", which triggers the overflow in the http_peek function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-268-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/268-1/" + }, + { + "name": "ADV-2006-1229", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1229" + }, + { + "name": "http://www.kde.org/info/security/advisory-20060404-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20060404-1.txt" + }, + { + "name": "19557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19557" + }, + { + "name": "17372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17372" + }, + { + "name": "MDKSA-2006:065", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:065" + }, + { + "name": "DSA-1023", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1023" + }, + { + "name": "1015863", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015863" + }, + { + "name": "kaffeine-http-peek-bo(25631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25631" + }, + { + "name": "GLSA-200604-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml" + }, + { + "name": "SUSE-SR:2006:008", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html" + }, + { + "name": "19549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19549" + }, + { + "name": "19542", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19542" + }, + { + "name": "19525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19525" + }, + { + "name": "19540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19540" + }, + { + "name": "20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430319/100/0/threaded" + }, + { + "name": "19571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19571" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0418.json b/2006/0xxx/CVE-2006-0418.json index 3929f2cce08..57937f60c0b 100644 --- a/2006/0xxx/CVE-2006-0418.json +++ b/2006/0xxx/CVE-2006-0418.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060124 [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423164/100/0/threaded" - }, - { - "name" : "16360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060124 [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423164/100/0/threaded" + }, + { + "name": "16360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16360" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0709.json b/2006/0xxx/CVE-2006-0709.json index c906d985c1d..b34e0cd6c25 100644 --- a/2006/0xxx/CVE-2006-0709.json +++ b/2006/0xxx/CVE-2006-0709.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482" - }, - { - "name" : "DSA-995", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-995" - }, - { - "name" : "GLSA-200603-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-16.xml" - }, - { - "name" : "MDKSA-2006:047", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:047" - }, - { - "name" : "RHSA-2006:0217", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0217.html" - }, - { - "name" : "SUSE-SR:2006:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" - }, - { - "name" : "16611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16611" - }, - { - "name" : "ADV-2006-0565", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0565" - }, - { - "name" : "1015654", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015654" - }, - { - "name" : "18796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18796" - }, - { - "name" : "18987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18987" - }, - { - "name" : "19000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19000" - }, - { - "name" : "19130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19130" - }, - { - "name" : "19226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19226" - }, - { - "name" : "19304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19304" - }, - { - "name" : "metamail-boundary-bo(24702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015654", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015654" + }, + { + "name": "18796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18796" + }, + { + "name": "SUSE-SR:2006:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" + }, + { + "name": "19226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19226" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482" + }, + { + "name": "GLSA-200603-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-16.xml" + }, + { + "name": "metamail-boundary-bo(24702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24702" + }, + { + "name": "MDKSA-2006:047", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:047" + }, + { + "name": "18987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18987" + }, + { + "name": "19130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19130" + }, + { + "name": "DSA-995", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-995" + }, + { + "name": "RHSA-2006:0217", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0217.html" + }, + { + "name": "19000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19000" + }, + { + "name": "16611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16611" + }, + { + "name": "19304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19304" + }, + { + "name": "ADV-2006-0565", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0565" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0804.json b/2006/0xxx/CVE-2006-0804.json index 97610f27899..b39947a2bb1 100644 --- a/2006/0xxx/CVE-2006-0804.json +++ b/2006/0xxx/CVE-2006-0804.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200611-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-18.xml" - }, - { - "name" : "OpenPKG-SA-2006.005", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/OpenPKG-SA-2006.005-tin.html" - }, - { - "name" : "SUSE-SR:2006:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" - }, - { - "name" : "16728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16728" - }, - { - "name" : "ADV-2006-0702", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0702" - }, - { - "name" : "19130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19130" - }, - { - "name" : "tin-offbyone-bo(24841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200611-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-18.xml" + }, + { + "name": "SUSE-SR:2006:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" + }, + { + "name": "ADV-2006-0702", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0702" + }, + { + "name": "OpenPKG-SA-2006.005", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.005-tin.html" + }, + { + "name": "19130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19130" + }, + { + "name": "tin-offbyone-bo(24841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24841" + }, + { + "name": "16728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16728" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1624.json b/2006/1xxx/CVE-2006-1624.json index 62095909ed6..5711e4ead47 100644 --- a/2006/1xxx/CVE-2006-1624.json +++ b/2006/1xxx/CVE-2006-1624.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060331 DoS-ing sysklogd?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429618/100/0/threaded" - }, - { - "name" : "20060402 RE: DoS-ing sysklogd?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429739/100/0/threaded" - }, - { - "name" : "sysklogd-sourceip-dos(25672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060331 DoS-ing sysklogd?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429618/100/0/threaded" + }, + { + "name": "20060402 RE: DoS-ing sysklogd?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429739/100/0/threaded" + }, + { + "name": "sysklogd-sourceip-dos(25672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25672" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3113.json b/2006/3xxx/CVE-2006-3113.json index ac896fb95b6..04a0af65dc1 100644 --- a/2006/3xxx/CVE-2006-3113.json +++ b/2006/3xxx/CVE-2006-3113.json @@ -1,372 +1,372 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-3113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060727 rPSA-2006-0137-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded" - }, - { - "name" : "20060727 Secunia Research: Mozilla Firefox XPCOM Event Handling MemoryCorruption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441330/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html" - }, - { - "name" : "http://secunia.com/secunia_research/2006-53/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-53/advisory/" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-536", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-536" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-537", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-537" - }, - { - "name" : "GLSA-200608-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml" - }, - { - "name" : "GLSA-200608-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml" - }, - { - "name" : "GLSA-200608-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "RHSA-2006:0608", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" - }, - { - "name" : "USN-327-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/327-1/" - }, - { - "name" : "USN-329-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/329-1/" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "TA06-208A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" - }, - { - "name" : "VU#239124", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/239124" - }, - { - "name" : "19181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19181" - }, - { - "name" : "19197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19197" - }, - { - "name" : "oval:org.mitre.oval:def:10261", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10261" - }, - { - "name" : "ADV-2006-2998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2998" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016586" - }, - { - "name" : "1016587", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016587" - }, - { - "name" : "1016588", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016588" - }, - { - "name" : "19873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19873" - }, - { - "name" : "21216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21216" - }, - { - "name" : "21228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21228" - }, - { - "name" : "21229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21229" - }, - { - "name" : "21246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21246" - }, - { - "name" : "21243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21243" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21275" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21358" - }, - { - "name" : "21361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21361" - }, - { - "name" : "21250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21250" - }, - { - "name" : "21262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "21343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21343" - }, - { - "name" : "21529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21529" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-xpcom-memory-corruption(27982)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#239124", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/239124" + }, + { + "name": "21243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21243" + }, + { + "name": "RHSA-2006:0608", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html" + }, + { + "name": "GLSA-200608-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-02.xml" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "http://secunia.com/secunia_research/2006-53/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-53/advisory/" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "19181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19181" + }, + { + "name": "TA06-208A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "mozilla-xpcom-memory-corruption(27982)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27982" + }, + { + "name": "ADV-2006-2998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2998" + }, + { + "name": "20060727 rPSA-2006-0137-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded" + }, + { + "name": "21529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21529" + }, + { + "name": "19197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19197" + }, + { + "name": "21216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21216" + }, + { + "name": "GLSA-200608-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "20060727 Secunia Research: Mozilla Firefox XPCOM Event Handling MemoryCorruption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441330/100/0/threaded" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "1016588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016588" + }, + { + "name": "USN-329-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/329-1/" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "1016586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016586" + }, + { + "name": "19873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19873" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "USN-327-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/327-1/" + }, + { + "name": "21361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21361" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21275" + }, + { + "name": "21246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21246" + }, + { + "name": "SUSE-SA:2006:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html" + }, + { + "name": "21229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21229" + }, + { + "name": "oval:org.mitre.oval:def:10261", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10261" + }, + { + "name": "1016587", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016587" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "21228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21228" + }, + { + "name": "21250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21250" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21358" + }, + { + "name": "https://issues.rpath.com/browse/RPL-536", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-536" + }, + { + "name": "https://issues.rpath.com/browse/RPL-537", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-537" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "GLSA-200608-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-04.xml" + }, + { + "name": "21343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21343" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3434.json b/2006/3xxx/CVE-2006-3434.json index 4a86d6565f3..67c8c8a2615 100644 --- a/2006/3xxx/CVE-2006-3434.json +++ b/2006/3xxx/CVE-2006-3434.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02161", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "SSRT061264", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "MS06-062", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062" - }, - { - "name" : "VU#234900", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/234900" - }, - { - "name" : "20382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20382" - }, - { - "name" : "ADV-2006-3981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3981" - }, - { - "name" : "oval:org.mitre.oval:def:389", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A389" - }, - { - "name" : "1017034", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017034" - }, - { - "name" : "22339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#234900", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/234900" + }, + { + "name": "oval:org.mitre.oval:def:389", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A389" + }, + { + "name": "SSRT061264", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "ADV-2006-3981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3981" + }, + { + "name": "MS06-062", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062" + }, + { + "name": "1017034", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017034" + }, + { + "name": "HPSBST02161", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "20382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20382" + }, + { + "name": "22339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22339" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3605.json b/2006/3xxx/CVE-2006-3605.json index 5ccba6accb5..dd85ad1b525 100644 --- a/2006/3xxx/CVE-2006-3605.json +++ b/2006/3xxx/CVE-2006-3605.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html" - }, - { - "name" : "18960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18960" - }, - { - "name" : "ADV-2006-2793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2793" - }, - { - "name" : "27057", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27057" - }, - { - "name" : "ie-revealtrans-dos(27713)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27057", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27057" + }, + { + "name": "ie-revealtrans-dos(27713)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27713" + }, + { + "name": "ADV-2006-2793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2793" + }, + { + "name": "18960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18960" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3736.json b/2006/3xxx/CVE-2006-3736.json index 58a9efefae3..fb50566cbbf 100644 --- a/2006/3xxx/CVE-2006-3736.json +++ b/2006/3xxx/CVE-2006-3736.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2020", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2020" - }, - { - "name" : "19049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19049" - }, - { - "name" : "ADV-2006-2845", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2845" - }, - { - "name" : "21082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21082" - }, - { - "name" : "videodb-class-xml-file-include(27778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19049" + }, + { + "name": "ADV-2006-2845", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2845" + }, + { + "name": "videodb-class-xml-file-include(27778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27778" + }, + { + "name": "2020", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2020" + }, + { + "name": "21082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21082" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3923.json b/2006/3xxx/CVE-2006-3923.json index 6ab4a134631..f2439a45f66 100644 --- a/2006/3xxx/CVE-2006-3923.json +++ b/2006/3xxx/CVE-2006-3923.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060722 [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440859/100/100/threaded" - }, - { - "name" : "http://www.majorsecurity.de/advisory/major_rls24.txt", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/advisory/major_rls24.txt" - }, - { - "name" : "19120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19120" - }, - { - "name" : "ADV-2006-2962", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2962" - }, - { - "name" : "21173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21173" - }, - { - "name" : "1299", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1299" - }, - { - "name" : "firemouse-toplist-add-xss(27912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060722 [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440859/100/100/threaded" + }, + { + "name": "19120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19120" + }, + { + "name": "ADV-2006-2962", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2962" + }, + { + "name": "http://www.majorsecurity.de/advisory/major_rls24.txt", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/advisory/major_rls24.txt" + }, + { + "name": "firemouse-toplist-add-xss(27912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27912" + }, + { + "name": "1299", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1299" + }, + { + "name": "21173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21173" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4169.json b/2006/4xxx/CVE-2006-4169.json index afb6cd2b99b..38fd8046c54 100644 --- a/2006/4xxx/CVE-2006-4169.json +++ b/2006/4xxx/CVE-2006-4169.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070711 SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555" - }, - { - "name" : "GLSA-200708-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200708-08.xml" - }, - { - "name" : "24874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24874" - }, - { - "name" : "37932", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37932" - }, - { - "name" : "37933", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37933" - }, - { - "name" : "ADV-2007-2513", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2513" - }, - { - "name" : "26035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26035" - }, - { - "name" : "26424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26424" - }, - { - "name" : "squirrelmail-gpgp-help-file-include(35362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26035" + }, + { + "name": "26424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26424" + }, + { + "name": "20070711 SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555" + }, + { + "name": "37933", + "refsource": "OSVDB", + "url": "http://osvdb.org/37933" + }, + { + "name": "37932", + "refsource": "OSVDB", + "url": "http://osvdb.org/37932" + }, + { + "name": "24874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24874" + }, + { + "name": "ADV-2007-2513", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2513" + }, + { + "name": "GLSA-200708-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200708-08.xml" + }, + { + "name": "squirrelmail-gpgp-help-file-include(35362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35362" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4298.json b/2006/4xxx/CVE-2006-4298.json index 8cc30bd0cfd..77d36c97b14 100644 --- a/2006/4xxx/CVE-2006-4298.json +++ b/2006/4xxx/CVE-2006-4298.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00110-08172006", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00110-08172006" - }, - { - "name" : "http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371", - "refsource" : "CONFIRM", - "url" : "http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371" - }, - { - "name" : "oscommerce-cache-directory-traversal(28435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gulftech.org/?node=research&article_id=00110-08172006", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00110-08172006" + }, + { + "name": "http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371", + "refsource": "CONFIRM", + "url": "http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371" + }, + { + "name": "oscommerce-cache-directory-traversal(28435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28435" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4599.json b/2006/4xxx/CVE-2006-4599.json index 5250c4d3fa0..3d488a396cd 100644 --- a/2006/4xxx/CVE-2006-4599.json +++ b/2006/4xxx/CVE-2006-4599.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060902 Autentificator <=2.01 SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445008/100/0/threaded" - }, - { - "name" : "19813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19813" - }, - { - "name" : "ADV-2006-3442", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3442" - }, - { - "name" : "21737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21737" - }, - { - "name" : "1494", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060902 Autentificator <=2.01 SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445008/100/0/threaded" + }, + { + "name": "1494", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1494" + }, + { + "name": "ADV-2006-3442", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3442" + }, + { + "name": "21737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21737" + }, + { + "name": "19813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19813" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4655.json b/2006/4xxx/CVE-2006-4655.json index 9944673a95d..031e97536d1 100644 --- a/2006/4xxx/CVE-2006-4655.json +++ b/2006/4xxx/CVE-2006-4655.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060908 [RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445579/100/0/threaded" - }, - { - "name" : "http://www.risesecurity.org/advisory/RISE-2006001.txt", - "refsource" : "MISC", - "url" : "http://www.risesecurity.org/advisory/RISE-2006001.txt" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm" - }, - { - "name" : "102570", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1" - }, - { - "name" : "19905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19905" - }, - { - "name" : "ADV-2006-3525", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3525" - }, - { - "name" : "ADV-2006-3529", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3529" - }, - { - "name" : "oval:org.mitre.oval:def:1798", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798" - }, - { - "name" : "1016806", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016806" - }, - { - "name" : "21815", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21815" - }, - { - "name" : "21845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21845" - }, - { - "name" : "21856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21856" - }, - { - "name" : "21993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21993" - }, - { - "name" : "1545", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1545" - }, - { - "name" : "xorg-libx11-xkeyboard-bo(28820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3529", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3529" + }, + { + "name": "19905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19905" + }, + { + "name": "102570", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1" + }, + { + "name": "20060908 [RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445579/100/0/threaded" + }, + { + "name": "1016806", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016806" + }, + { + "name": "21856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21856" + }, + { + "name": "ADV-2006-3525", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3525" + }, + { + "name": "oval:org.mitre.oval:def:1798", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798" + }, + { + "name": "21815", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21815" + }, + { + "name": "21993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21993" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm" + }, + { + "name": "1545", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1545" + }, + { + "name": "21845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21845" + }, + { + "name": "http://www.risesecurity.org/advisory/RISE-2006001.txt", + "refsource": "MISC", + "url": "http://www.risesecurity.org/advisory/RISE-2006001.txt" + }, + { + "name": "xorg-libx11-xkeyboard-bo(28820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2661.json b/2010/2xxx/CVE-2010-2661.json index c9188f96055..f0f57df5b32 100644 --- a/2010/2xxx/CVE-2010-2661.json +++ b/2010/2xxx/CVE-2010-2661.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1054/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1054/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1060/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1054/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1054/" - }, - { - "name" : "http://www.opera.com/support/search/view/960/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/960/" - }, - { - "name" : "40973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40973" - }, - { - "name" : "oval:org.mitre.oval:def:11669", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11669" - }, - { - "name" : "40250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40250" - }, - { - "name" : "ADV-2010-1529", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1529" - }, - { - "name" : "ADV-2010-1673", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1673", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1673" + }, + { + "name": "40973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40973" + }, + { + "name": "http://www.opera.com/support/search/view/960/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/960/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1060/" + }, + { + "name": "ADV-2010-1529", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1529" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1054/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1054/" + }, + { + "name": "40250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40250" + }, + { + "name": "oval:org.mitre.oval:def:11669", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11669" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1054/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1054/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2663.json b/2010/2xxx/CVE-2010-2663.json index e087499efa2..13cf027360d 100644 --- a/2010/2xxx/CVE-2010-2663.json +++ b/2010/2xxx/CVE-2010-2663.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1060/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1060/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1060/" - }, - { - "name" : "oval:org.mitre.oval:def:11170", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/mac/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1060/" + }, + { + "name": "oval:org.mitre.oval:def:11170", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11170" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1060/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1060/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2814.json b/2010/2xxx/CVE-2010-2814.json index 8f44594e58d..5209e022c4e 100644 --- a/2010/2xxx/CVE-2010-2814.json +++ b/2010/2xxx/CVE-2010-2814.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100804 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml" - }, - { - "name" : "42196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42196" - }, - { - "name" : "40842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40842" + }, + { + "name": "42196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42196" + }, + { + "name": "20100804 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3142.json b/2010/3xxx/CVE-2010-3142.json index 343eef68f3a..ffabcfc001b 100644 --- a/2010/3xxx/CVE-2010-3142.json +++ b/2010/3xxx/CVE-2010-3142.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14782", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14782/" - }, - { - "name" : "oval:org.mitre.oval:def:12219", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12219", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12219" + }, + { + "name": "14782", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14782/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3480.json b/2010/3xxx/CVE-2010-3480.json index cc984867c80..9a573c47158 100644 --- a/2010/3xxx/CVE-2010-3480.json +++ b/2010/3xxx/CVE-2010-3480.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15011", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15011" - }, - { - "name" : "43232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43232" - }, - { - "name" : "68074", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68074" - }, - { - "name" : "41455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41455" - }, - { - "name" : "41491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41491" - }, - { - "name" : "phpmicrocms-index-file-include(61813)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41491" + }, + { + "name": "43232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43232" + }, + { + "name": "15011", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15011" + }, + { + "name": "phpmicrocms-index-file-include(61813)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61813" + }, + { + "name": "41455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41455" + }, + { + "name": "68074", + "refsource": "OSVDB", + "url": "http://osvdb.org/68074" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3589.json b/2010/3xxx/CVE-2010-3589.json index 89e28daf33d..e1b90b25c03 100644 --- a/2010/3xxx/CVE-2010-3589.json +++ b/2010/3xxx/CVE-2010-3589.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45861" - }, - { - "name" : "42922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42922" - }, - { - "name" : "ADV-2011-0144", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0144" - }, - { - "name" : "oracle-ebusiness-library-unauth-access(64781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42922" + }, + { + "name": "ADV-2011-0144", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0144" + }, + { + "name": "oracle-ebusiness-library-unauth-access(64781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64781" + }, + { + "name": "45861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45861" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3724.json b/2010/3xxx/CVE-2010-3724.json index 98eacc8bae4..77c88059dab 100644 --- a/2010/3xxx/CVE-2010-3724.json +++ b/2010/3xxx/CVE-2010-3724.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3724", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3724", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3963.json b/2010/3xxx/CVE-2010-3963.json index 4370825b340..72ec3d11e09 100644 --- a/2010/3xxx/CVE-2010-3963.json +++ b/2010/3xxx/CVE-2010-3963.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka \"Kernel NDProxy Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-099", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-099" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "45269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45269" - }, - { - "name" : "69823", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69823" - }, - { - "name" : "oval:org.mitre.oval:def:12461", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12461" - }, - { - "name" : "1024881", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024881" - }, - { - "name" : "42613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42613" - }, - { - "name" : "ADV-2010-3221", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka \"Kernel NDProxy Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "1024881", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024881" + }, + { + "name": "45269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45269" + }, + { + "name": "69823", + "refsource": "OSVDB", + "url": "http://osvdb.org/69823" + }, + { + "name": "oval:org.mitre.oval:def:12461", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12461" + }, + { + "name": "ADV-2010-3221", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3221" + }, + { + "name": "42613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42613" + }, + { + "name": "MS10-099", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-099" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0628.json b/2011/0xxx/CVE-2011-0628.json index eba44fb896a..0413d177a1f 100644 --- a/2011/0xxx/CVE-2011-0628.json +++ b/2011/0xxx/CVE-2011-0628.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110524 Adobe Flash Player ActionScript Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html" - }, - { - "name" : "47961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47961" - }, - { - "name" : "oval:org.mitre.oval:def:13994", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13994" - }, - { - "name" : "oval:org.mitre.oval:def:15639", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15639" - }, - { - "name" : "flash-player-overflow(67638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13994", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13994" + }, + { + "name": "20110524 Adobe Flash Player ActionScript Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908" + }, + { + "name": "47961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47961" + }, + { + "name": "oval:org.mitre.oval:def:15639", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15639" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" + }, + { + "name": "flash-player-overflow(67638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67638" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0819.json b/2011/0xxx/CVE-2011-0819.json index 7757cbf0a17..0509184c6cb 100644 --- a/2011/0xxx/CVE-2011-0819.json +++ b/2011/0xxx/CVE-2011-0819.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2011-0823." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2011-0823." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1075.json b/2011/1xxx/CVE-2011-1075.json index 7279c5c92b2..359300f1e44 100644 --- a/2011/1xxx/CVE-2011-1075.json +++ b/2011/1xxx/CVE-2011-1075.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1075", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1075", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1094.json b/2011/1xxx/CVE-2011-1094.json index 9340cb32188..f2e5e8a7ea9 100644 --- a/2011/1xxx/CVE-2011-1094.json +++ b/2011/1xxx/CVE-2011-1094.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110308 KDE SSL name check issue", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/13" - }, - { - "name" : "[oss-security] 20110308 Re: KDE SSL name check issue", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/20" - }, - { - "name" : "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7", - "refsource" : "CONFIRM", - "url" : "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7" - }, - { - "name" : "MDVSA-2011:071", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:071" - }, - { - "name" : "USN-1110-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1110-1" - }, - { - "name" : "46789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46789" - }, - { - "name" : "44108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44108" - }, - { - "name" : "ADV-2011-0913", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0913" - }, - { - "name" : "ADV-2011-0990", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0990" - }, - { - "name" : "kdelibs-ssl-security-bypass(65986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0990", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0990" + }, + { + "name": "MDVSA-2011:071", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:071" + }, + { + "name": "46789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46789" + }, + { + "name": "44108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44108" + }, + { + "name": "USN-1110-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1110-1" + }, + { + "name": "ADV-2011-0913", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0913" + }, + { + "name": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7", + "refsource": "CONFIRM", + "url": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7" + }, + { + "name": "[oss-security] 20110308 KDE SSL name check issue", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/13" + }, + { + "name": "kdelibs-ssl-security-bypass(65986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65986" + }, + { + "name": "[oss-security] 20110308 Re: KDE SSL name check issue", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/20" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1655.json b/2011/1xxx/CVE-2011-1655.json index b63407ef17f..bd7efeb7f19 100644 --- a/2011/1xxx/CVE-2011-1655.json +++ b/2011/1xxx/CVE-2011-1655.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110413 CA20110413-01: Security Notice for CA Total Defense", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517494/100/0/threaded" - }, - { - "name" : "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517492/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-127/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-127/" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}" - }, - { - "name" : "47356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47356" - }, - { - "name" : "1025353", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025353" - }, - { - "name" : "44097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44097" - }, - { - "name" : "ADV-2011-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0977" - }, - { - "name" : "totaldefense-uncsw-code-execution(66727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded" + }, + { + "name": "44097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44097" + }, + { + "name": "ADV-2011-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0977" + }, + { + "name": "1025353", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025353" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/" + }, + { + "name": "47356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47356" + }, + { + "name": "totaldefense-uncsw-code-execution(66727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727" + }, + { + "name": "20110413 CA20110413-01: Security Notice for CA Total Defense", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1758.json b/2011/1xxx/CVE-2011-1758.json index 447cead1bab..0fc56547ec1 100644 --- a/2011/1xxx/CVE-2011-1758.json +++ b/2011/1xxx/CVE-2011-1758.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/29/4" - }, - { - "name" : "[sssd-devel] 20110429 SSSD Security Release 1.5.7", - "refsource" : "MLIST", - "url" : "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html" - }, - { - "name" : "http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a", - "refsource" : "CONFIRM", - "url" : "http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=700867", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=700867" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=700891", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=700891" - }, - { - "name" : "https://fedorahosted.org/sssd/ticket/856", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/sssd/ticket/856" - }, - { - "name" : "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7" - }, - { - "name" : "FEDORA-2011-5815", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html" - }, - { - "name" : "FEDORA-2011-6279", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=700867", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867" + }, + { + "name": "https://fedorahosted.org/sssd/ticket/856", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/sssd/ticket/856" + }, + { + "name": "[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/29/4" + }, + { + "name": "FEDORA-2011-5815", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html" + }, + { + "name": "FEDORA-2011-6279", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html" + }, + { + "name": "[sssd-devel] 20110429 SSSD Security Release 1.5.7", + "refsource": "MLIST", + "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html" + }, + { + "name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7" + }, + { + "name": "http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a", + "refsource": "CONFIRM", + "url": "http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=700891", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5260.json b/2011/5xxx/CVE-2011-5260.json index 3d64c85c729..e65764b927c 100644 --- a/2011/5xxx/CVE-2011-5260.json +++ b/2011/5xxx/CVE-2011-5260.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111117 [DSECRG-11-037] SAP BW Doc - Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520555/100/0/threaded" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=337", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=337" - }, - { - "name" : "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/" - }, - { - "name" : "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4", - "refsource" : "CONFIRM", - "url" : "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=337", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=337" + }, + { + "name": "20111117 [DSECRG-11-037] SAP BW Doc - Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520555/100/0/threaded" + }, + { + "name": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4", + "refsource": "CONFIRM", + "url": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3183.json b/2014/3xxx/CVE-2014-3183.json index 0a5dec22c13..0eb806b26c3 100644 --- a/2014/3xxx/CVE-2014-3183.json +++ b/2014/3xxx/CVE-2014-3183.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/21" - }, - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=90", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=90" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141344", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141344" - }, - { - "name" : "https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2" + }, + { + "name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141344", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141344" + }, + { + "name": "https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=90", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=90" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3353.json b/2014/3xxx/CVE-2014-3353.json index 5a3412caae8..9a317eefd28 100644 --- a/2014/3xxx/CVE-2014-3353.json +++ b/2014/3xxx/CVE-2014-3353.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35559", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35559" - }, - { - "name" : "20140902 Cisco IOS XR Software Malformed IPv6 Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3353" - }, - { - "name" : "69506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69506" - }, - { - "name" : "1030790", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030790" - }, - { - "name" : "60205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60205" - }, - { - "name" : "ciscoiosxr-cve20143353-dos(95623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35559", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35559" + }, + { + "name": "69506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69506" + }, + { + "name": "60205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60205" + }, + { + "name": "1030790", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030790" + }, + { + "name": "20140902 Cisco IOS XR Software Malformed IPv6 Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3353" + }, + { + "name": "ciscoiosxr-cve20143353-dos(95623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95623" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3831.json b/2014/3xxx/CVE-2014-3831.json index cfbabcd2454..d6c98d94c01 100644 --- a/2014/3xxx/CVE-2014-3831.json +++ b/2014/3xxx/CVE-2014-3831.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3831", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3831", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3960.json b/2014/3xxx/CVE-2014-3960.json index 700855655c9..4cb4f69c60f 100644 --- a/2014/3xxx/CVE-2014-3960.json +++ b/2014/3xxx/CVE-2014-3960.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7", - "refsource" : "CONFIRM", - "url" : "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7" - }, - { - "name" : "67774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67774" - }, - { - "name" : "58748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58748" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7", + "refsource": "CONFIRM", + "url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7" + }, + { + "name": "67774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67774" + }, + { + "name": "58748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58748" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6454.json b/2014/6xxx/CVE-2014-6454.json index 112b3d5f07a..0b666cf2c98 100644 --- a/2014/6xxx/CVE-2014-6454.json +++ b/2014/6xxx/CVE-2014-6454.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70529" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6487.json b/2014/6xxx/CVE-2014-6487.json index 9a84d6d478d..99cd6a1f906 100644 --- a/2014/6xxx/CVE-2014-6487.json +++ b/2014/6xxx/CVE-2014-6487.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70458" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6658.json b/2014/6xxx/CVE-2014-6658.json index 8bc29551292..d1968b672ae 100644 --- a/2014/6xxx/CVE-2014-6658.json +++ b/2014/6xxx/CVE-2014-6658.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#975681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/975681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#975681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/975681" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7022.json b/2014/7xxx/CVE-2014-7022.json index 5219c1986d4..a224e75ac86 100644 --- a/2014/7xxx/CVE-2014-7022.json +++ b/2014/7xxx/CVE-2014-7022.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#748289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/748289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#748289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/748289" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7726.json b/2014/7xxx/CVE-2014-7726.json index 089fe0b6c11..5c72544f6ff 100644 --- a/2014/7xxx/CVE-2014-7726.json +++ b/2014/7xxx/CVE-2014-7726.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#851073", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/851073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#851073", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/851073" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7828.json b/2014/7xxx/CVE-2014-7828.json index 9445c3dfee8..e43ebd4485d 100644 --- a/2014/7xxx/CVE-2014-7828.json +++ b/2014/7xxx/CVE-2014-7828.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Freeipa-devel] 20141105 [PATCH 0076] Ensure that a password exists after OTP validation", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/freeipa-devel/2014-November/msg00068.html" - }, - { - "name" : "[Freeipa-users] 20141105 ATTN: CVE-2014-7828", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/freeipa-users/2014-November/msg00077.html" - }, - { - "name" : "http://www.freeipa.org/page/Releases/4.1.1", - "refsource" : "CONFIRM", - "url" : "http://www.freeipa.org/page/Releases/4.1.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1160871", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1160871" - }, - { - "name" : "https://fedorahosted.org/freeipa/ticket/4690", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/freeipa/ticket/4690" - }, - { - "name" : "FEDORA-2014-14427", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143000.html" - }, - { - "name" : "70932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70932" - }, - { - "name" : "freeipa-otp-sec-bypass(98500)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fedorahosted.org/freeipa/ticket/4690", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/freeipa/ticket/4690" + }, + { + "name": "http://www.freeipa.org/page/Releases/4.1.1", + "refsource": "CONFIRM", + "url": "http://www.freeipa.org/page/Releases/4.1.1" + }, + { + "name": "[Freeipa-users] 20141105 ATTN: CVE-2014-7828", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/freeipa-users/2014-November/msg00077.html" + }, + { + "name": "[Freeipa-devel] 20141105 [PATCH 0076] Ensure that a password exists after OTP validation", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/freeipa-devel/2014-November/msg00068.html" + }, + { + "name": "freeipa-otp-sec-bypass(98500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98500" + }, + { + "name": "FEDORA-2014-14427", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1160871", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160871" + }, + { + "name": "70932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70932" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8198.json b/2014/8xxx/CVE-2014-8198.json index 752054b9b98..a59f69ba1ac 100644 --- a/2014/8xxx/CVE-2014-8198.json +++ b/2014/8xxx/CVE-2014-8198.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8198", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8198", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8219.json b/2014/8xxx/CVE-2014-8219.json index 708d73d7c9c..326321b4eee 100644 --- a/2014/8xxx/CVE-2014-8219.json +++ b/2014/8xxx/CVE-2014-8219.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8219", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8219", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8466.json b/2014/8xxx/CVE-2014-8466.json index 0fd1794487c..e6e06c2f7e6 100644 --- a/2014/8xxx/CVE-2014-8466.json +++ b/2014/8xxx/CVE-2014-8466.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8466", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8466", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8694.json b/2014/8xxx/CVE-2014-8694.json index bc1eefefc51..f103d24e3e4 100644 --- a/2014/8xxx/CVE-2014-8694.json +++ b/2014/8xxx/CVE-2014-8694.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8694", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8694", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8836.json b/2014/8xxx/CVE-2014-8836.json index df6a33ca5b3..37d62e19ebf 100644 --- a/2014/8xxx/CVE-2014-8836.json +++ b/2014/8xxx/CVE-2014-8836.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/google-security-research/issues/detail?id=136", - "refsource" : "MISC", - "url" : "http://code.google.com/p/google-security-research/issues/detail?id=136" - }, - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031626", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031626" - }, - { - "name" : "macosx-cve20148836-priv-esc(100490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/google-security-research/issues/detail?id=136", + "refsource": "MISC", + "url": "http://code.google.com/p/google-security-research/issues/detail?id=136" + }, + { + "name": "macosx-cve20148836-priv-esc(100490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100490" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "1031626", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031626" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2520.json b/2016/2xxx/CVE-2016-2520.json index eaae76f8e9d..5dd352170c9 100644 --- a/2016/2xxx/CVE-2016-2520.json +++ b/2016/2xxx/CVE-2016-2520.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2520", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2520", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2662.json b/2016/2xxx/CVE-2016-2662.json index 07b5cfdcc03..bbe18f14200 100644 --- a/2016/2xxx/CVE-2016-2662.json +++ b/2016/2xxx/CVE-2016-2662.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2662", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2662", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2964.json b/2016/2xxx/CVE-2016-2964.json index abeb741be62..6cd9ea0fc8c 100644 --- a/2016/2xxx/CVE-2016-2964.json +++ b/2016/2xxx/CVE-2016-2964.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-25T00:00:00", - "ID" : "CVE-2016-2964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-25T00:00:00", + "ID": "CVE-2016-2964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113813", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113813" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006441", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006441" - }, - { - "name" : "100572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113813", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113813" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006441", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006441" + }, + { + "name": "100572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100572" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6092.json b/2016/6xxx/CVE-2016-6092.json index db2fa13a400..330cb33c19a 100644 --- a/2016/6xxx/CVE-2016-6092.json +++ b/2016/6xxx/CVE-2016-6092.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.5" - }, - { - "version_value" : "1.0" - }, - { - "version_value" : "2.0" - }, - { - "version_value" : "2.0.1" - }, - { - "version_value" : "2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.5" + }, + { + "version_value": "1.0" + }, + { + "version_value": "2.0" + }, + { + "version_value": "2.0.1" + }, + { + "version_value": "2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997953", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997953", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997953" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6669.json b/2016/6xxx/CVE-2016-6669.json index ab4e83a9993..b7cfdd86bc0 100644 --- a/2016/6xxx/CVE-2016-6669.json +++ b/2016/6xxx/CVE-2016-6669.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en" - }, - { - "name" : "92441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92441" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6818.json b/2016/6xxx/CVE-2016-6818.json index 9049c6bf3cc..0a53cdef0ed 100644 --- a/2016/6xxx/CVE-2016-6818.json +++ b/2016/6xxx/CVE-2016-6818.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-january-2017/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-january-2017/" - }, - { - "name" : "97661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97661" + }, + { + "name": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-january-2017/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-january-2017/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18327.json b/2017/18xxx/CVE-2017-18327.json index 3c8afc43394..cf01377a647 100644 --- a/2017/18xxx/CVE-2017-18327.json +++ b/2017/18xxx/CVE-2017-18327.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in WCDMA" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in WCDMA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106128" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5084.json b/2017/5xxx/CVE-2017-5084.json index 8876a710835..8ca10b1b8f2 100644 --- a/2017/5xxx/CVE-2017-5084.json +++ b/2017/5xxx/CVE-2017-5084.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.92", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.92" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.92", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.92" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html" - }, - { - "name" : "https://crbug.com/702030", - "refsource" : "MISC", - "url" : "https://crbug.com/702030" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "98986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/702030", + "refsource": "MISC", + "url": "https://crbug.com/702030" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "98986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98986" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5755.json b/2017/5xxx/CVE-2017-5755.json index fc75fee12bf..aba9dd50ead 100644 --- a/2017/5xxx/CVE-2017-5755.json +++ b/2017/5xxx/CVE-2017-5755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5755", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5755", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file