diff --git a/2006/0xxx/CVE-2006-0150.json b/2006/0xxx/CVE-2006-0150.json
index 69bc4df7ada..ce4b26f8510 100644
--- a/2006/0xxx/CVE-2006-0150.json
+++ b/2006/0xxx/CVE-2006-0150.json
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421286/100/0/threaded" - }, - { - "name" : "http://www.digitalarmaments.com/2006090173928420.html", - "refsource" : "MISC", - "url" : "http://www.digitalarmaments.com/2006090173928420.html" - }, - { - "name" : "http://www.rudedog.org/auth_ldap/Changes.html", - "refsource" : "CONFIRM", - "url" : "http://www.rudedog.org/auth_ldap/Changes.html" - }, - { - "name" : "DSA-952", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-952" - }, - { - "name" : "MDKSA-2006:017", - "refsource" : 
"MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017" - }, - { - "name" : "RHSA-2006:0179", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0179.html" - }, - { - "name" : "16177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16177" - }, - { - "name" : "ADV-2006-0117", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0117" - }, - { - "name" : "1015456", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015456" - }, - { - "name" : "18382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18382" - }, - { - "name" : "18405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18405" - }, - { - "name" : "18412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18412" - }, - { - "name" : "18568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18568" - }, - { - "name" : "apache-authldap-format-string(24030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apache-authldap-format-string(24030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030" + }, + { + "name": "ADV-2006-0117", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0117" + }, + { + "name": "1015456", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015456" + }, + { + "name": "18412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18412" + }, + { + "name": "MDKSA-2006:017", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017" + }, + { + "name": "18382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18382" + }, + { + "name": "http://www.rudedog.org/auth_ldap/Changes.html", + "refsource": "CONFIRM", + "url": "http://www.rudedog.org/auth_ldap/Changes.html" + }, + { + "name": "20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded" + }, + { + "name": "16177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16177" + }, + { + "name": "18568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18568" + }, + { + "name": "RHSA-2006:0179", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html" + }, + { + "name": "http://www.digitalarmaments.com/2006090173928420.html", + "refsource": "MISC", + "url": "http://www.digitalarmaments.com/2006090173928420.html" + }, + { + "name": "DSA-952", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-952" + }, + { + "name": "18405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18405" + } + ] + 
} +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0223.json b/2006/0xxx/CVE-2006-0223.json index fd504ca2626..a14908607db 100644 --- a/2006/0xxx/CVE-2006-0223.json +++ b/2006/0xxx/CVE-2006-0223.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via \"..\" (dot dot) sequences in the username field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.123flashchat.com/flash-chat-server-v512.html", - "refsource" : "MISC", - "url" : "http://www.123flashchat.com/flash-chat-server-v512.html" - }, - { - "name" : "16235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16235" - }, - { - "name" : "ADV-2006-0198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0198" - }, - { - "name" : "22440", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22440" - }, - { - "name" : "18455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18455" - }, - { - "name" : "123flashchat-user-directory-traversal(24137)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via \"..\" (dot dot) sequences in the username field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18455" + }, + { + "name": "16235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16235" + }, + { + "name": "ADV-2006-0198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0198" + }, + { + "name": "http://www.123flashchat.com/flash-chat-server-v512.html", + "refsource": "MISC", + "url": "http://www.123flashchat.com/flash-chat-server-v512.html" + }, + { + "name": "22440", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22440" + }, + { + "name": "123flashchat-user-directory-traversal(24137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24137" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0461.json b/2006/0xxx/CVE-2006-0461.json index 23fb4efc417..8a399331830 100644 --- a/2006/0xxx/CVE-2006-0461.json +++ b/2006/0xxx/CVE-2006-0461.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060125 [eVuln] ExpressionEngine 'Referer' XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423068/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/48/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/48/summary.html" - }, - { - "name" : "16377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16377" - }, - { - "name" : "ADV-2006-0325", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0325" - }, - { - "name" : "18602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18602" - }, - { - "name" : "372", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/372" - }, - { - 
"name" : "expressionengine-coreinput-xss(24296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0325", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0325" + }, + { + "name": "18602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18602" + }, + { + "name": "expressionengine-coreinput-xss(24296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24296" + }, + { + "name": "20060125 [eVuln] ExpressionEngine 'Referer' XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423068/100/0/threaded" + }, + { + "name": "372", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/372" + }, + { + "name": "http://evuln.com/vulns/48/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/48/summary.html" + }, + { + "name": "16377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16377" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0658.json b/2006/0xxx/CVE-2006-0658.json index c155be36336..7d21f29b124 100644 --- a/2006/0xxx/CVE-2006-0658.json +++ b/2006/0xxx/CVE-2006-0658.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424708" - }, - { - "name" : "3702", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3702" - }, - { - "name" : "http://retrogod.altervista.org/fckeditor_22_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/fckeditor_22_xpl.html" - }, - { - "name" : "ADV-2006-0502", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0502" - }, - { - "name" : "18767", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/18767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://retrogod.altervista.org/fckeditor_22_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html" + }, + { + "name": "ADV-2006-0502", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0502" + }, + { + "name": "20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424708" + }, + { + "name": "18767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18767" + }, + { + "name": "3702", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3702" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3018.json b/2006/3xxx/CVE-2006-3018.json index cc92a0542e2..0e17accbb71 100644 --- a/2006/3xxx/CVE-2006-3018.json +++ b/2006/3xxx/CVE-2006-3018.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/release_5_1_3.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_5_1_3.php" - }, - { - "name" : "MDKSA-2006:122", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" - }, - { - "name" : "USN-320-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-320-1" - }, - { - "name" : "17843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17843" - }, - { - "name" : "25254", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25254" - }, - { - "name" : "1016306", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016306" - }, - { - "name" : "19927", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19927" - 
}, - { - "name" : "21050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21050" - }, - { - "name" : "21125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25254", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25254" + }, + { + "name": "21050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21050" + }, + { + "name": "USN-320-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-320-1" + }, + { + "name": "http://www.php.net/release_5_1_3.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_5_1_3.php" + }, + { + "name": "MDKSA-2006:122", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" + }, + { + "name": "21125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21125" + }, + { + "name": "19927", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19927" + }, + { + "name": "1016306", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016306" + }, + { + "name": "17843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17843" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3489.json b/2006/3xxx/CVE-2006-3489.json index 35995aef923..d38a558337b 100644 --- a/2006/3xxx/CVE-2006-3489.json +++ b/2006/3xxx/CVE-2006-3489.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/security/fsc-2006-4.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2006-4.shtml" - }, - { - "name" : "18693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18693" - }, - { - "name" : "ADV-2006-2573", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2573" - }, - { - "name" : "26875", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26875" - }, - { - "name" : "1016400", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016400" - }, - { - "name" : "1016401", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016401" - }, - { - "name" 
: "20858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20858" - }, - { - "name" : "fsecure-antivirus-filename-security-bypass(27498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20858" + }, + { + "name": "1016400", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016400" + }, + { + "name": "26875", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26875" + }, + { + "name": "18693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18693" + }, + { + "name": "http://www.f-secure.com/security/fsc-2006-4.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2006-4.shtml" + }, + { + "name": "1016401", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016401" + }, + { + "name": "fsecure-antivirus-filename-security-bypass(27498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27498" + }, + { + "name": "ADV-2006-2573", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2573" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3652.json b/2006/3xxx/CVE-2006-3652.json index 25c3eeddf1d..da158c1b891 100644 --- a/2006/3xxx/CVE-2006-3652.json 
+++ b/2006/3xxx/CVE-2006-3652.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing \"#\" character. NOTE: as of 20060715, this could not be reproduced by third parties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060715 Bybass HTTP ( extension files ) in ISA 2004", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440105/100/0/threaded" - }, - { - "name" : "20060715 Re: Bybass HTTP ( extension files ) in ISA 2004", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440247/100/0/threaded" - }, - { - "name" : "20060716 Re: Bybass HTTP ( extension files ) in ISA 2004", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440446/100/0/threaded" - }, - { - "name" : "20060717 RE: Bybass HTTP ( extension files ) in ISA 2004", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/440299/100/0/threaded" - }, - { - "name" : "20060719 Re: Bybass HTTP ( extension files ) in ISA 2004", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440558/100/0/threaded" - }, - { - "name" : "18994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18994" - }, - { - "name" : "1016506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing \"#\" character. NOTE: as of 20060715, this could not be reproduced by third parties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060716 Re: Bybass HTTP ( extension files ) in ISA 2004", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440446/100/0/threaded" + }, + { + "name": "20060719 Re: Bybass HTTP ( extension files ) in ISA 2004", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440558/100/0/threaded" + }, + { + "name": "18994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18994" + }, + { + "name": "20060715 Bybass HTTP ( extension files ) in ISA 2004", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440105/100/0/threaded" + }, + { + "name": "20060717 RE: Bybass HTTP ( extension files ) in ISA 2004", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440299/100/0/threaded" + }, + { + "name": "1016506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016506" + }, + { + "name": "20060715 Re: Bybass HTTP ( 
extension files ) in ISA 2004", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440247/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3806.json b/2006/3xxx/CVE-2006-3806.json index 047f79dc774..a936ec158bb 100644 --- a/2006/3xxx/CVE-2006-3806.json +++ b/2006/3xxx/CVE-2006-3806.json 
@@ -1,407 +1,407 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified \"string function arguments.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060727 rPSA-2006-0137-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-50.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-50.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-536", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-536" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-537", - "refsource" : "CONFIRM", - "url" : 
"https://issues.rpath.com/browse/RPL-537" - }, - { - "name" : "DSA-1159", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1159" - }, - { - "name" : "DSA-1160", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1160" - }, - { - "name" : "DSA-1161", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1161" - }, - { - "name" : "GLSA-200608-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml" - }, - { - "name" : "GLSA-200608-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml" - }, - { - "name" : "GLSA-200608-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "RHSA-2006:0608", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - 
{ - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "102763", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1" - }, - { - "name" : "SUSE-SA:2006:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" - }, - { - "name" : "USN-327-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/327-1/" - }, - { - "name" : "USN-329-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/329-1/" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "USN-361-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-361-1" - }, - { - "name" : "TA06-208A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" - }, - { - "name" : "VU#655892", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/655892" - }, - { - "name" : "19181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19181" - }, - { - "name" : "oval:org.mitre.oval:def:11232", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232" - }, - { - "name" : "ADV-2006-2998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2998" - }, - { - "name" : 
"ADV-2007-0058", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0058" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016586" - }, - { - "name" : "1016587", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016587" - }, - { - "name" : "1016588", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016588" - }, - { - "name" : "19873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19873" - }, - { - "name" : "21216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21216" - }, - { - "name" : "21228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21228" - }, - { - "name" : "21229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21229" - }, - { - "name" : "21246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21246" - }, - { - "name" : "21243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21243" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21275" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21358" - }, - { - "name" : "21361", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/21361" - }, - { - "name" : "21250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21250" - }, - { - "name" : "21262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "21343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21343" - }, - { - "name" : "21529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21529" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "21654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21654" - }, - { - "name" : "21634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21634" - }, - { - "name" : "21675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21675" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22342" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-javascript-engine-overflow(27987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the Javascript 
engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified \"string function arguments.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1161", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1161" + }, + { + "name": "21243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21243" + }, + { + "name": "RHSA-2006:0608", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html" + }, + { + "name": "DSA-1160", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1160" + }, + { + "name": "GLSA-200608-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-02.xml" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "VU#655892", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/655892" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "19181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19181" + }, + { + "name": "TA06-208A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "ADV-2006-2998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2998" + }, + { + "name": "oval:org.mitre.oval:def:11232", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232" + }, + { + "name": "USN-361-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-361-1" + }, + { + "name": "20060727 rPSA-2006-0137-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded" + }, + { + "name": "21529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21529" + }, + { + "name": "21216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21216" + }, + { + "name": "GLSA-200608-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" + }, + { + "name": "ADV-2007-0058", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0058" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "21654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21654" + }, + { + "name": "1016588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016588" + }, + { + "name": "USN-329-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/329-1/" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "21634", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/21634" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "1016586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016586" + }, + { + "name": "19873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19873" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-50.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-50.html" + }, + { + "name": "mozilla-javascript-engine-overflow(27987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27987" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "USN-327-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/327-1/" + }, + { + "name": "21361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21361" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21275" + }, + { + "name": "21246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21246" + }, + { + "name": "SUSE-SA:2006:048", + "refsource": "SUSE", + "url": 
"http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" + }, + { + "name": "21229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21229" + }, + { + "name": "21675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21675" + }, + { + "name": "1016587", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016587" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "21228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21228" + }, + { + "name": "21250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21250" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "22342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22342" + }, + { + "name": "102763", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1" + }, + { + "name": "21358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21358" + }, + { + "name": "https://issues.rpath.com/browse/RPL-536", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-536" + }, + { + "name": "https://issues.rpath.com/browse/RPL-537", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-537" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "GLSA-200608-04", + "refsource": "GENTOO", + "url": 
"http://security.gentoo.org/glsa/glsa-200608-04.xml" + }, + { + "name": "21343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21343" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + }, + { + "name": "DSA-1159", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1159" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3823.json b/2006/3xxx/CVE-2006-3823.json index ac8635a3909..aa94b1b5049 100644 --- a/2006/3xxx/CVE-2006-3823.json +++ b/2006/3xxx/CVE-2006-3823.json 
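Review bot: The `"ASSIGNER"` value at the top of the CVE-2006-3806.json hunk changes from `cve@mitre.org` to `secalert@redhat.com`, inside a hunk that otherwise rewrites every line for key/colon spacing and reorders `reference_data`. The CVE-2006-4252.json hunk does the same with `security@debian.org`. ASSIGNER is the record's provenance field, so unless the commit message already calls it out, this change deserves its own commit or an explicit mention rather than riding along with formatting churn. The references also come out in an order with no visible sort key (the new list opens with `DSA-1161`, then `21243`); the equal `-1,407 +1,407` counts suggest nothing was dropped, but they cannot show that no URL was altered, and emitting entries in a stable order would keep such diffs reviewable. The new side also ends with `\ No newline at end of file`, where a trailing newline is the usual convention for files under version control.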
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33075", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33075" - }, - { - "name" : "http://www.packetstormsecurity.org/0607-exploits/geoauctionsSQL.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0607-exploits/geoauctionsSQL.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html" - }, - { - "name" : "19093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19093" - }, - { - "name" : "67078", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/67078" - }, - { - "name" : "106367", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/106367" - }, - { - "name" : "58308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58308" - }, - { - "name" : "ADV-2006-3132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3132" - }, - { - "name" : "21340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106367", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/106367" + }, + { + "name": "21340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21340" + }, + { + "name": "ADV-2006-3132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3132" + }, + { + "name": "http://www.packetstormsecurity.org/0607-exploits/geoauctionsSQL.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0607-exploits/geoauctionsSQL.txt" + }, + { + "name": "67078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67078" + }, + { + "name": "58308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58308" + }, + { + "name": "http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html" + }, + { + "name": 
"33075", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33075" + }, + { + "name": "19093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19093" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4236.json b/2006/4xxx/CVE-2006-4236.json index dfd96f5a217..200fc4eb048 100644 --- a/2006/4xxx/CVE-2006-4236.json +++ b/2006/4xxx/CVE-2006-4236.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after \"shopid=\" or \"sid=\" in the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060817 powergap <= (s0x.php) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443469/100/0/threaded" - }, - { - "name" : "2201", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2201" - }, - { - "name" : "19565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19565" - }, - { - "name" : "29496", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29496" - }, - { - "name" : "29497", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29497" - }, - { - "name" : "29498", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/29498" - }, - { - "name" : "29499", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29499" - }, - { - "name" : "29500", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29500" - }, - { - "name" : "1016715", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016715" - }, - { - "name" : "1417", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1417" - }, - { - "name" : "powergap-shopid-file-include(28425)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after \"shopid=\" or \"sid=\" in the PATH_INFO." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29497", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29497" + }, + { + "name": "19565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19565" + }, + { + "name": "1016715", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016715" + }, + { + "name": "1417", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1417" + }, + { + "name": "29498", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29498" + }, + { + "name": "29499", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29499" + }, + { + "name": "20060817 powergap <= (s0x.php) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443469/100/0/threaded" + }, + { + "name": "2201", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2201" + }, + { + "name": "29496", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29496" + }, + { + "name": "29500", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29500" + }, + { + "name": "powergap-shopid-file-include(28425)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28425" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4252.json b/2006/4xxx/CVE-2006-4252.json index 0c723f03750..5c1a7bdd560 100644 --- a/2006/4xxx/CVE-2006-4252.json +++ b/2006/4xxx/CVE-2006-4252.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-4252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://doc.powerdns.com/powerdns-advisory-2006-02.html", - "refsource" : "CONFIRM", - "url" : "http://doc.powerdns.com/powerdns-advisory-2006-02.html" - }, - { - "name" : "SUSE-SA:2006:070", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0007.html" - }, - { - "name" : "21037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21037" - }, - { - "name" : "ADV-2006-4484", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4484" - }, - { - "name" : "22824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22824" - }, - { - "name" : "22976", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22976" - }, - { - "name" : "powerdns-cname-bo(30257)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4484", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4484" + }, + { + "name": "http://doc.powerdns.com/powerdns-advisory-2006-02.html", + "refsource": "CONFIRM", + "url": "http://doc.powerdns.com/powerdns-advisory-2006-02.html" + }, + { + "name": "22824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22824" + }, + { + "name": "powerdns-cname-bo(30257)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30257" + }, + { + "name": "SUSE-SA:2006:070", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0007.html" + }, + { + "name": "21037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21037" + }, + { + "name": "22976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22976" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4407.json b/2006/4xxx/CVE-2006-4407.json index 2839561bdf1..2851a749776 100644 --- a/2006/4xxx/CVE-2006-4407.json +++ b/2006/4xxx/CVE-2006-4407.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "VU#734032", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/734032" - }, - { - "name" : "21335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21335" - }, - { - "name" 
: "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "30731", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30731" - }, - { - "name" : "1017298", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017298" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "30731", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30731" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "21335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21335" + }, + { + "name": "VU#734032", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/734032" + }, + { + "name": "1017298", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017298" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": 
"TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4464.json b/2006/4xxx/CVE-2006-4464.json index 52a3922678e..eea22769a85 100644 --- a/2006/4xxx/CVE-2006-4464.json +++ b/2006/4xxx/CVE-2006-4464.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060811 Nokia Browser Crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442990/100/200/threaded" - }, - { - "name" : "2176", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2176" - }, - { - "name" : "19484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19484" - }, - { - "name" : "1485", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1485" - }, - { - "name" : "nokia-symbian-browser-dos(28353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nokia-symbian-browser-dos(28353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28353" + }, + { + "name": "2176", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2176" + }, + { + "name": "19484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19484" + }, + { + "name": "20060811 Nokia Browser Crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442990/100/200/threaded" + }, + { + "name": "1485", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1485" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4821.json b/2006/4xxx/CVE-2006-4821.json index ec51aab93e9..05c2a5487cb 100644 --- a/2006/4xxx/CVE-2006-4821.json +++ b/2006/4xxx/CVE-2006-4821.json 
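Review bot: The rewritten file ends at `+}` followed by `\ No newline at end of file`, while the old side's closing `-}` carries no such marker, so this reformat drops the trailing newline. Files kept in version control should end with a newline; without one, the next change that appends to the file will also show the closing brace as modified. The same marker closes every other file section visible in this part of the diff (CVE-2006-4252, CVE-2006-4407, CVE-2006-4821, CVE-2006-6950, CVE-2006-7125, CVE-2010-2074, CVE-2010-2482, CVE-2010-2843, CVE-2010-3355). The fix therefore probably belongs in the serializer that produced them rather than in each file.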
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/83954", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/83954" - }, - { - "name" : "20015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20015" - }, - { - "name" : "ADV-2006-3603", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3603" - }, - { - "name" : "21907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21907" - }, - { - "name" : "userreview-id-xss(28931)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3603", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3603" + }, + { + "name": "userreview-id-xss(28931)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28931" + }, + { + "name": "20015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20015" + }, + { + "name": "http://drupal.org/node/83954", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/83954" + }, + { + "name": "21907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21907" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6950.json b/2006/6xxx/CVE-2006-6950.json index 85cf2fdff8e..52d6ac04a3a 100644 --- a/2006/6xxx/CVE-2006-6950.json +++ b/2006/6xxx/CVE-2006-6950.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secwatch.org/advisories/1016194/", - "refsource" : "MISC", - "url" : "http://secwatch.org/advisories/1016194/" - }, - { - "name" : "21174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21174" - }, - { - "name" : "ADV-2006-4605", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4605" - }, - { - "name" : "23030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23030" - }, - { - "name" : "conti-ftpserver-directory-traversal(30411)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secwatch.org/advisories/1016194/", + "refsource": "MISC", + "url": "http://secwatch.org/advisories/1016194/" + }, + { + "name": "23030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23030" + }, + { + "name": "conti-ftpserver-directory-traversal(30411)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30411" + }, + { + "name": "21174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21174" + }, + { + "name": "ADV-2006-4605", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4605" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7125.json b/2006/7xxx/CVE-2006-7125.json index 00e1d8302fa..9acb3941f7c 100644 --- a/2006/7xxx/CVE-2006-7125.json +++ b/2006/7xxx/CVE-2006-7125.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 Secunia Research: Joomla BSQ Sitestats Script Insertion and SQLInjection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449125/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-65/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-65/advisory/" - }, - { - "name" : "20614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20614" - }, - { - "name" : "ADV-2006-4090", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4090" - }, - { - "name" : "bsq-sitestats-http-referer-xss(29661)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4090", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4090" + }, + { + "name": "20614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20614" + }, + { + "name": "20061018 Secunia Research: Joomla BSQ Sitestats Script Insertion and SQLInjection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449125/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2006-65/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-65/advisory/" + }, + { + "name": "bsq-sitestats-http-referer-xss(29661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29661" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2074.json b/2010/2xxx/CVE-2010-2074.json index 9ce2172f74b..c45c5f82e66 100644 --- a/2010/2xxx/CVE-2010-2074.json +++ b/2010/2xxx/CVE-2010-2074.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/14/4" - }, - { - "name" : "FEDORA-2010-10369", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html" - }, - { - "name" : "RHSA-2010:0565", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0565.html" - }, - { - "name" : 
"SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "40837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40837" - }, - { - "name" : "65538", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65538" - }, - { - "name" : "1024252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024252" - }, - { - "name" : "40134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40134" - }, - { - "name" : "40733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40733" - }, - { - "name" : "ADV-2010-1467", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1467" - }, - { - "name" : "ADV-2010-1879", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1879" - }, - { - "name" : "ADV-2010-1928", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/14/4" + }, + { + "name": "40134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40134" + }, + { + "name": "65538", + "refsource": "OSVDB", + "url": "http://osvdb.org/65538" + }, + { + "name": "1024252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024252" + }, + { + "name": "ADV-2010-1467", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1467" + }, + { + "name": "ADV-2010-1879", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1879" + }, + { + "name": "ADV-2010-1928", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1928" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "RHSA-2010:0565", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0565.html" + }, + { + "name": "40837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40837" + }, + { + "name": "40733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40733" + }, + { + "name": "FEDORA-2010-10369", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2482.json b/2010/2xxx/CVE-2010-2482.json index cbef15d6d27..6f63e008e6e 100644 --- a/2010/2xxx/CVE-2010-2482.json +++ b/2010/2xxx/CVE-2010-2482.json 
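Review bot: The `"ASSIGNER"` value changes from `cve@mitre.org` to `secalert@redhat.com` inside a rewrite that touches every line of the file for spacing and indentation, so the one provenance-relevant edit is easy to miss. As far as the visible lines show, it is the only value that differs; the reference set looks the same, just reordered. A CNA reattribution is something downstream consumers may key on. It should be named in the commit message or made in a commit separate from the whitespace normalisation, so it can be audited without a whitespace-insensitive diff. The same pattern appears in CVE-2006-4252 (`security@debian.org`), CVE-2010-2482 (`secalert@redhat.com`) and CVE-2010-2843 (`psirt@cisco.com`).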
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127738540902757&w=2" - }, - { - "name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127736307002102&w=2" - }, - { - "name" : "[oss-security] 20100630 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/30/22" - }, - { - "name" : "[oss-security] 20100701 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127797353202873&w=2" - }, - { - 
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=1996", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=1996" - }, - { - "name" : "https://bugs.launchpad.net/bugs/597246", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/bugs/597246" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=603024", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=603024" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=608010", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=608010" - }, - { - "name" : "DSA-2552", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2552" - }, - { - "name" : "GLSA-201209-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" - }, - { - "name" : "40422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40422" - }, - { - "name" : "50726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127736307002102&w=2" + }, + { + "name": "https://bugs.launchpad.net/bugs/597246", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/bugs/597246" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608010", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010" + }, + { + "name": "DSA-2552", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2552" + }, + { + "name": "GLSA-201209-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=603024", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603024" + }, + { + "name": "40422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40422" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=1996", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=1996" + }, + { + "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127738540902757&w=2" + }, + { + "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2" + }, + { + "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22" + }, + { + "name": "50726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50726" + } + ] + } +} \ No newline at end of file 
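Review bot: The `reference_data` entries come out in a new order with no visible sort key. The four `MLIST` entries were adjacent on the old side and are now split, one at the head of the array and three near the end, with `CONFIRM`, `DEBIAN`, `GENTOO` and `SECUNIA` entries between them. The set of twelve references looks unchanged, so this reads as an unstable serialisation order rather than an intended edit. Emitting the array in a deterministic order (for example sorted by `refsource`, then `url`) or preserving the input order would keep later diffs limited to real additions and removals. The other hunks in this part of the diff reorder their references in the same way.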
diff --git a/2010/2xxx/CVE-2010-2843.json b/2010/2xxx/CVE-2010-2843.json index 37f0e5ae372..32f965ae3b2 100644 --- a/2010/2xxx/CVE-2010-2843.json +++ b/2010/2xxx/CVE-2010-2843.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290" - }, - { - "name" : "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) software, possibly 4.2 
through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3355.json b/2010/3xxx/CVE-2010-3355.json index c359cd000f4..c330e28251c 100644 --- a/2010/3xxx/CVE-2010-3355.json +++ b/2010/3xxx/CVE-2010-3355.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598288", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598288", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598288" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3502.json b/2010/3xxx/CVE-2010-3502.json index b7295dc23d5..3d9f5fcfa4c 100644 --- a/2010/3xxx/CVE-2010-3502.json +++ b/2010/3xxx/CVE-2010-3502.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3618.json b/2010/3xxx/CVE-2010-3618.json index d6ee0c771ec..182ec810434 100644 --- a/2010/3xxx/CVE-2010-3618.json +++ b/2010/3xxx/CVE-2010-3618.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the \"Decrypt/Verify File via Right-Click\" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a \"piggy-back\" or \"unsigned data injection\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2010-3618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf" - }, - { - "name" : "https://pgp.custhelp.com/app/answers/detail/a_id/2290", - "refsource" : "CONFIRM", - "url" : "https://pgp.custhelp.com/app/answers/detail/a_id/2290" - }, - { - "name" : 
"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00" - }, - { - "name" : "VU#300785", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/300785" - }, - { - "name" : "1024760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024760" - }, - { - "name" : "42293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42293" - }, - { - "name" : "42307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42307" - }, - { - "name" : "pgpdesktop-openpgp-security-bypass(63366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the \"Decrypt/Verify File via Right-Click\" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a \"piggy-back\" or \"unsigned data injection\" issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024760" + }, + { + "name": "42307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42307" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00" + }, + { + "name": "http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf", + "refsource": "MISC", + "url": "http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf" + }, + { + "name": "42293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42293" + }, + { + "name": "pgpdesktop-openpgp-security-bypass(63366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63366" + }, + { + "name": "VU#300785", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/300785" + }, + { + "name": "https://pgp.custhelp.com/app/answers/detail/a_id/2290", + "refsource": "CONFIRM", + "url": "https://pgp.custhelp.com/app/answers/detail/a_id/2290" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0739.json b/2011/0xxx/CVE-2011-0739.json index fb5cfa23c2e..b41e2a102d1 100644 --- a/2011/0xxx/CVE-2011-0739.json +++ b/2011/0xxx/CVE-2011-0739.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch", - "refsource" : "MISC", - "url" : "https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch" - }, - { - "name" : "http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1", - "refsource" : "CONFIRM", - "url" : "http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1" - }, - { - "name" : "46021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46021" - }, - { - "name" : "70667", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70667" - }, - { - "name" : "43077", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/43077" - }, - { - "name" : "ADV-2011-0233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0233" - }, - { - "name" : "ruby-mail-deliver-command-execution(65010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0233" + }, + { + "name": "http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1", + "refsource": "CONFIRM", + "url": "http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1" + }, + { + "name": "ruby-mail-deliver-command-execution(65010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65010" + }, + { + "name": "46021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46021" + }, + { + "name": "https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch", + "refsource": "MISC", + "url": "https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch" + }, + { + "name": "43077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43077" + }, + { + "name": "70667", + "refsource": "OSVDB", + "url": "http://osvdb.org/70667" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0862.json b/2011/0xxx/CVE-2011-0862.json index 26c33a53ce3..34458599006 100644 --- a/2011/0xxx/CVE-2011-0862.json +++ b/2011/0xxx/CVE-2011-0862.json 
@@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100144512", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144512" - }, - { - "name" : 
"http://support.avaya.com/css/P8/documents/100147041", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100147041" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "DSA-2311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2311" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02697", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "SSRT100591", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "MDVSA-2011:126", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:126" - }, - { - "name" : "RHSA-2011:0856", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0856.html" - }, - { - "name" : "RHSA-2011:0857", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0857.html" - }, - { - "name" : "RHSA-2011:0860", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0860.html" - }, - { - "name" : "RHSA-2011:0938", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0938.html" - }, - { - "name" : "RHSA-2011:1087", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1087.html" - }, - { - "name" : "RHSA-2011:1159", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1159.html" - }, - { - "name" : "RHSA-2011:1265", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1265.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "SUSE-SA:2011:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html" - }, - { - "name" : "SUSE-SA:2011:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" - }, - { - "name" : "SUSE-SA:2011:036", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html" - }, - { - "name" : "SUSE-SU-2011:0807", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2011:0863", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html" - }, - { - "name" : "SUSE-SU-2011:0966", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html" - }, - { - "name" : "openSUSE-SU-2011:0633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - }, - { - "name" : "oval:org.mitre.oval:def:13317", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13317" - }, - { - "name" : "oval:org.mitre.oval:def:14541", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14541" - }, - { - "name" : "44818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44818" - }, - { - "name" : "44930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44930" - }, - { - "name" : "49198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" + }, + { + "name": "oval:org.mitre.oval:def:13317", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13317" + }, + { + "name": "SUSE-SU-2011:0863", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2011:1087", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1087.html" + }, + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "SUSE-SA:2011:036", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html" + }, + { + "name": "DSA-2311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2311" + }, + { + "name": "RHSA-2011:1159", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1159.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144512", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144512" + }, + { + "name": "SUSE-SA:2011:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "44818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44818" + }, + { + "name": "RHSA-2011:0856", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0856.html" + }, + { + "name": "SUSE-SU-2011:0966", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html" + }, + { + "name": "RHSA-2011:0938", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0938.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100147041", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100147041" + }, + { + "name": "44930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44930" + }, + { + "name": "SUSE-SA:2011:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:14541", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14541" + }, + { + "name": "SSRT100591", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "MDVSA-2011:126", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:126" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "49198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49198" + }, + { + "name": "SUSE-SU-2011:0807", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" + }, + { + "name": "openSUSE-SU-2011:0633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + }, + { + "name": "HPSBUX02777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "HPSBUX02697", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "SSRT100854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "RHSA-2011:1265", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1265.html" + }, + { + "name": "RHSA-2011:0860", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0860.html" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + }, + { + "name": "RHSA-2011:0857", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0857.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0880.json b/2011/0xxx/CVE-2011-0880.json index 80737054868..2a3885a9fd4 100644 --- a/2011/0xxx/CVE-2011-0880.json +++ b/2011/0xxx/CVE-2011-0880.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0835." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users 
to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0835." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1000.json b/2011/1xxx/CVE-2011-1000.json index 6bb2236b260..1b6e11b70a7 100644 --- a/2011/1xxx/CVE-2011-1000.json +++ b/2011/1xxx/CVE-2011-1000.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110217 CVE id request: telepathy-gabble", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/17/4" - }, - { - "name" : "[oss-security] 20110217 Re: CVE id request: telepathy-gabble", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/17/7" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=34048", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=34048" - }, - { - "name" : "DSA-2169", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2169" - }, - { - "name" : "FEDORA-2011-1668", - "refsource" : 
"FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html" - }, - { - "name" : "FEDORA-2011-1903", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html" - }, - { - "name" : "FEDORA-2011-1284", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html" - }, - { - "name" : "openSUSE-SU-2011:0303", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/7848248" - }, - { - "name" : "USN-1067-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1067-1" - }, - { - "name" : "46440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46440" - }, - { - "name" : "43316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43316" - }, - { - "name" : "43369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43369" - }, - { - "name" : "43404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43404" - }, - { - "name" : "43485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43485" - }, - { - "name" : "43545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43545" - }, - { - "name" : "44023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44023" - }, - { - "name" : "ADV-2011-0412", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0412" - }, - { - "name" : "ADV-2011-0428", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0428" - }, - { - "name" : "ADV-2011-0537", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0537" - }, - { - "name" : "ADV-2011-0572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0572" - }, - { - "name" : "ADV-2011-0901", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0901" - }, - { - "name" : "gabble-jingle-info-security-bypass(65523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0901", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0901" + }, + { + "name": "43316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43316" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=34048", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=34048" + }, + { + "name": "44023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44023" + }, + { + "name": "gabble-jingle-info-security-bypass(65523)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65523" + }, + { + "name": "ADV-2011-0537", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0537" + }, + { + "name": "[oss-security] 20110217 CVE id request: telepathy-gabble", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/17/4" + }, + { + "name": "USN-1067-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1067-1" + }, + { + "name": "FEDORA-2011-1668", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html" 
+ }, + { + "name": "43369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43369" + }, + { + "name": "FEDORA-2011-1284", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html" + }, + { + "name": "43485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43485" + }, + { + "name": "openSUSE-SU-2011:0303", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/7848248" + }, + { + "name": "FEDORA-2011-1903", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html" + }, + { + "name": "ADV-2011-0572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0572" + }, + { + "name": "[oss-security] 20110217 Re: CVE id request: telepathy-gabble", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/17/7" + }, + { + "name": "DSA-2169", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2169" + }, + { + "name": "ADV-2011-0428", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0428" + }, + { + "name": "43545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43545" + }, + { + "name": "46440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46440" + }, + { + "name": "ADV-2011-0412", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0412" + }, + { + "name": "43404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43404" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1592.json b/2011/1xxx/CVE-2011-1592.json index 7ba5c133f3e..59e77022da8 100644 --- a/2011/1xxx/CVE-2011-1592.json +++ b/2011/1xxx/CVE-2011-1592.json 
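Review bot: The one value that changes in the CVE-2011-1000 hunk is `"ASSIGNER": "secalert@redhat.com"` (previously `cve@mitre.org`), yet it sits inside a whitespace rewrite of every line and a reshuffle of all 22 `reference_data` entries, none of which appears to be added or removed. Anyone auditing record provenance has to compare the whole file by hand to find that change. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and landing the reformat as its own commit would keep later diffs down to the fields that really changed. The new side also ends without a trailing newline. The same pattern shows in the CVE-2011-0880, CVE-2011-1592, CVE-2011-1953, CVE-2014-3345 and CVE-2014-3657 hunks.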
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110418 Re: Wireshark 1.2.16 / 1.4.5", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/18/8" - }, - { - "name" : "[oss-security] 20110418 Wireshark 1.2.16 / 1.4.5", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/18/2" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?revision=34115&view=revision", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?revision=34115&view=revision" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-06.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.wireshark.org/security/wnpa-sec-2011-06.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209" - }, - { - "name" : "MDVSA-2011:083", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:083" - }, - { - "name" : "71847", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71847" - }, - { - "name" : "oval:org.mitre.oval:def:14987", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14987" - }, - { - "name" : "44172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44172" - }, - { - "name" : "ADV-2011-1022", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1022" - }, - { - "name" : "wireshark-nfs-dos(66833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:083", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:083" + }, + { + "name": "wireshark-nfs-dos(66833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66833" + }, + { + "name": "oval:org.mitre.oval:def:14987", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14987" + }, + { + "name": "71847", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71847" + }, + { + "name": "[oss-security] 20110418 Re: Wireshark 1.2.16 / 1.4.5", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/18/8" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-06.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-06.html" + }, + { + "name": "44172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44172" + }, + { + "name": "ADV-2011-1022", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1022" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?revision=34115&view=revision", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?revision=34115&view=revision" + }, + { + "name": "[oss-security] 20110418 Wireshark 1.2.16 / 1.4.5", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/18/2" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1953.json b/2011/1xxx/CVE-2011-1953.json index 317016cfc2d..9672ff9a8c6 100644 --- a/2011/1xxx/CVE-2011-1953.json 
+++ b/2011/1xxx/CVE-2011-1953.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110601 Post Revolution 0.8.0c Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518205/100/0/threaded" - }, - { - "name" : "http://javierb.com.ar/2011/06/01/postrev-vunls/", - "refsource" : "MISC", - "url" : "http://javierb.com.ar/2011/06/01/postrev-vunls/" - }, - { - "name" : "http://postrev.com.ar/verpost.php?id_noticia=59", - "refsource" : "CONFIRM", - "url" : "http://postrev.com.ar/verpost.php?id_noticia=59" - }, - { - "name" : "47967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47967" - }, - { - "name" : "8270", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110601 Post Revolution 0.8.0c Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518205/100/0/threaded" + }, + { + "name": "47967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47967" + }, + { + "name": "http://javierb.com.ar/2011/06/01/postrev-vunls/", + "refsource": "MISC", + "url": "http://javierb.com.ar/2011/06/01/postrev-vunls/" + }, + { + "name": "8270", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8270" + }, + { + "name": "http://postrev.com.ar/verpost.php?id_noticia=59", + "refsource": "CONFIRM", + "url": "http://postrev.com.ar/verpost.php?id_noticia=59" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5124.json b/2011/5xxx/CVE-2011-5124.json index 7e258d4c2b4..4c8f363a5fa 100644 --- a/2011/5xxx/CVE-2011-5124.json +++ b/2011/5xxx/CVE-2011-5124.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-5124",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-5124",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://kb.bluecoat.com/index?page=content&id=SA55",
- "refsource" : "CONFIRM",
- "url" : "https://kb.bluecoat.com/index?page=content&id=SA55"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://kb.bluecoat.com/index?page=content&id=SA55",
+ "refsource": "CONFIRM",
+ "url": "https://kb.bluecoat.com/index?page=content&id=SA55"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/5xxx/CVE-2011-5209.json b/2011/5xxx/CVE-2011-5209.json
index 69bae407796..15f65cdae09 100644
--- a/2011/5xxx/CVE-2011-5209.json
+++ b/2011/5xxx/CVE-2011-5209.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/108145/graphicclone-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/108145/graphicclone-xss.txt" - }, - { - "name" : "51258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51258" - }, - { - "name" : "78107", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78107" - }, - { - "name" : "47372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47372" - }, - { - "name" : "graphicclone-term-xss(71971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78107", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78107" + }, + { + "name": "http://packetstormsecurity.org/files/108145/graphicclone-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/108145/graphicclone-xss.txt" + }, + { + "name": "graphicclone-term-xss(71971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71971" + }, + { + "name": "47372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47372" + }, + { + "name": "51258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51258" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3233.json b/2014/3xxx/CVE-2014-3233.json index 20f87d99d19..a0f482372fe 100644 --- a/2014/3xxx/CVE-2014-3233.json +++ b/2014/3xxx/CVE-2014-3233.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-3233",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-3233",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/3xxx/CVE-2014-3345.json b/2014/3xxx/CVE-2014-3345.json
index 390f9d2854e..fa7061a67f1 100644
--- a/2014/3xxx/CVE-2014-3345.json
+++ b/2014/3xxx/CVE-2014-3345.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35468", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35468" - }, - { - "name" : "20140828 Transport Gateway for Smart Call Home Unauthorized Configuration Change Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3345" - }, - { - "name" : "69442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69442" - }, - { - "name" : "1030774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030774" - }, - { - 
"name" : "60391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60391" - }, - { - "name" : "cisco-tgsch-cve20143345-sec-bypass(95589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35468", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35468" + }, + { + "name": "69442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69442" + }, + { + "name": "20140828 Transport Gateway for Smart Call Home Unauthorized Configuration Change Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3345" + }, + { + "name": "60391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60391" + }, + { + "name": "1030774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030774" + }, + { + "name": "cisco-tgsch-cve20143345-sec-bypass(95589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95589" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3657.json b/2014/3xxx/CVE-2014-3657.json index 03051db0e85..5803a2b206b 100644 --- a/2014/3xxx/CVE-2014-3657.json +++ b/2014/3xxx/CVE-2014-3657.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fc22b2e74890873848b43fffae43025d22053669", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fc22b2e74890873848b43fffae43025d22053669" - }, - { - "name" : "http://security.libvirt.org/2014/0005.html", - "refsource" : "CONFIRM", - "url" : "http://security.libvirt.org/2014/0005.html" - }, - { - "name" : "RHSA-2014:1352", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1352.html" - }, - { - "name" : "openSUSE-SU-2014:1290", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html" - }, - { - "name" : "openSUSE-SU-2014:1293", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html" - }, - { - "name" : "USN-2404-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2404-1" - }, - { - "name" : "60291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60291" - }, - { - "name" : "62303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62303" + }, + { + "name": "USN-2404-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2404-1" + }, + { + "name": "RHSA-2014:1352", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html" + }, + { + "name": "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fc22b2e74890873848b43fffae43025d22053669", + "refsource": "CONFIRM", + "url": "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fc22b2e74890873848b43fffae43025d22053669" + }, + { + "name": "http://security.libvirt.org/2014/0005.html", + "refsource": "CONFIRM", + "url": "http://security.libvirt.org/2014/0005.html" + }, + { + "name": "openSUSE-SU-2014:1290", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html" + }, + { + "name": "60291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60291" + }, + { + "name": "openSUSE-SU-2014:1293", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6217.json b/2014/6xxx/CVE-2014-6217.json index 3c061bf4f07..e7a7c4275f1 100644 --- a/2014/6xxx/CVE-2014-6217.json +++ b/2014/6xxx/CVE-2014-6217.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6217", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6217", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6488.json b/2014/6xxx/CVE-2014-6488.json index 44fe9fa63f5..1e7f2299006 100644 --- a/2014/6xxx/CVE-2014-6488.json +++ b/2014/6xxx/CVE-2014-6488.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows remote authenticated users to affect integrity via unknown vectors related to Content Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70506" - }, - { - "name" : "1031041", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031041" - }, - { - "name" : "61727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61727" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows remote authenticated users to affect integrity via unknown vectors related to Content Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70506" + }, + { + "name": "61727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61727" + }, + { + "name": "1031041", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031041" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6638.json b/2014/6xxx/CVE-2014-6638.json index 75a5ff6ecf7..f12d8bad544 100644 --- a/2014/6xxx/CVE-2014-6638.json +++ b/2014/6xxx/CVE-2014-6638.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wTMDesktop (aka com.wTMDesktop) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#394617", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/394617" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wTMDesktop (aka com.wTMDesktop) application 1 for Android 
does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#394617", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/394617" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6940.json b/2014/6xxx/CVE-2014-6940.json index 153af68dd42..f10af9aae25 100644 --- a/2014/6xxx/CVE-2014-6940.json +++ b/2014/6xxx/CVE-2014-6940.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application 1.0073.b0073 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#253289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/253289" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application 1.0073.b0073 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#253289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/253289" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7206.json b/2014/7xxx/CVE-2014-7206.json index 9ab3ff25894..67a11441753 100644 --- a/2014/7xxx/CVE-2014-7206.json +++ b/2014/7xxx/CVE-2014-7206.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-7206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" - }, - { - "name" : "DSA-3048", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3048" - }, - { - "name" : "USN-2370-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2370-1" - }, - { - "name" : "70310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70310" - }, - { - "name" : "61158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61158" - }, - { - "name" : "61333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61333" - }, - { - "name" : "61768", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/61768" - }, - { - "name" : "apt-cve20147206-symlink(96951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61333" + }, + { + "name": "DSA-3048", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3048" + }, + { + "name": "61768", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61768" + }, + { + "name": "61158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61158" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" + }, + { + "name": "70310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70310" + }, + { + "name": "USN-2370-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2370-1" + }, + { + "name": "apt-cve20147206-symlink(96951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7264.json b/2014/7xxx/CVE-2014-7264.json index 374aee2f44f..712638c28ec 100644 --- a/2014/7xxx/CVE-2014-7264.json +++ b/2014/7xxx/CVE-2014-7264.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user.email or (2) user.website field in a user registration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://chyrp.net/2014/11/18/chyrp-251-security-release/", - "refsource" : "CONFIRM", - "url" : "http://chyrp.net/2014/11/18/chyrp-251-security-release/" - }, - { - "name" : "https://github.com/chyrp/chyrp/commit/43d1b6b266363ae7545d5d49851034eaeec7bebb", - "refsource" : "CONFIRM", - "url" : "https://github.com/chyrp/chyrp/commit/43d1b6b266363ae7545d5d49851034eaeec7bebb" - }, - { - "name" : "JVN#13160869", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN13160869/index.html" - }, - { - "name" : "JVNDB-2014-000149", - "refsource" : "JVNDB", - "url" : 
"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user.email or (2) user.website field in a user registration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000149", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000149" + }, + { + "name": "http://chyrp.net/2014/11/18/chyrp-251-security-release/", + "refsource": "CONFIRM", + "url": "http://chyrp.net/2014/11/18/chyrp-251-security-release/" + }, + { + "name": "JVN#13160869", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN13160869/index.html" + }, + { + "name": "https://github.com/chyrp/chyrp/commit/43d1b6b266363ae7545d5d49851034eaeec7bebb", + "refsource": "CONFIRM", + "url": "https://github.com/chyrp/chyrp/commit/43d1b6b266363ae7545d5d49851034eaeec7bebb" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7890.json b/2014/7xxx/CVE-2014-7890.json index 7650f2ad2c9..1d941ccf32b 100644 --- a/2014/7xxx/CVE-2014-7890.json +++ b/2014/7xxx/CVE-2014-7890.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-7890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF03279", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" - }, - { - "name" : "SSRT101694", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" - }, - { - "name" : "1031840", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote 
attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031840", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031840" + }, + { + "name": "SSRT101694", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" + }, + { + "name": "HPSBHF03279", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7937.json b/2014/7xxx/CVE-2014-7937.json index fb767abf9ea..2b037100178 100644 --- a/2014/7xxx/CVE-2014-7937.json +++ b/2014/7xxx/CVE-2014-7937.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/d4608b7c83f56b17f14fdd94990341f62bb52f92", - "refsource" : "CONFIRM", - "url" : 
"https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/d4608b7c83f56b17f14fdd94990341f62bb52f92" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=419060", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=419060" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=419060", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=419060" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/d4608b7c83f56b17f14fdd94990341f62bb52f92", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/d4608b7c83f56b17f14fdd94990341f62bb52f92" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": 
"RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7948.json b/2014/7xxx/CVE-2014-7948.json index 36e7bc9c0d0..ed64950ca0c 100644 --- a/2014/7xxx/CVE-2014-7948.json +++ b/2014/7xxx/CVE-2014-7948.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=414026", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=414026" - }, - { - "name" : "https://codereview.chromium.org/579593003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/579593003" - }, - { - "name" : "https://codereview.chromium.org/645123003", - 
"refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/645123003" - }, - { - "name" : "https://codereview.chromium.org/725573004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/725573004" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "https://codereview.chromium.org/645123003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/645123003" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=414026", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=414026" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "https://codereview.chromium.org/725573004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/725573004" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + }, + { + "name": "https://codereview.chromium.org/579593003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/579593003" + } + ] 
+ } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8933.json b/2014/8xxx/CVE-2014-8933.json index 7e1bed1b3cc..500b2bda262 100644 --- a/2014/8xxx/CVE-2014-8933.json +++ b/2014/8xxx/CVE-2014-8933.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8933", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8933", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2074.json b/2016/2xxx/CVE-2016-2074.json index 83da928bd01..a3e42c44961 100644 --- a/2016/2xxx/CVE-2016-2074.json +++ b/2016/2xxx/CVE-2016-2074.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch", - "refsource" : "MLIST", - "url" : "http://openvswitch.org/pipermail/announce/2016-March/000082.html" - }, - { - "name" : "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available", - "refsource" : "MLIST", - "url" : "http://openvswitch.org/pipermail/announce/2016-March/000083.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318553" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2016-2074", - "refsource" : "CONFIRM", - "url" : 
"https://security-tracker.debian.org/tracker/CVE-2016-2074" - }, - { - "name" : "https://support.citrix.com/article/CTX232655", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX232655" - }, - { - "name" : "DSA-3533", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3533" - }, - { - "name" : "GLSA-201701-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-07" - }, - { - "name" : "RHSA-2016:0615", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0615" - }, - { - "name" : "RHSA-2016:0523", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0523.html" - }, - { - "name" : "RHSA-2016:0524", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0524.html" - }, - { - "name" : "RHSA-2016:0537", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0537.html" - }, - { - "name" : "85700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch", + "refsource": "MLIST", + "url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html" + }, + { + "name": "RHSA-2016:0537", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html" + }, + { + "name": "RHSA-2016:0524", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553" + }, + { + "name": "DSA-3533", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3533" + }, + { + "name": "RHSA-2016:0615", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0615" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2016-2074", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-2074" + }, + { + "name": "GLSA-201701-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-07" + }, + { + "name": "https://support.citrix.com/article/CTX232655", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX232655" + }, + { + "name": "RHSA-2016:0523", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html" + }, + { + "name": "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available", + "refsource": "MLIST", + "url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html" + }, + { + "name": "85700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85700" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2108.json b/2016/2xxx/CVE-2016-2108.json index 17a421a8da9..1a0f781b409 100644 --- a/2016/2xxx/CVE-2016-2108.json +++ b/2016/2xxx/CVE-2016-2108.json 
@@ -1,347 +1,347 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27", - "refsource" : "CONFIRM", - "url" : 
"https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27" - }, - { - "name" : "https://www.openssl.org/news/secadv/20160503.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20160503.txt" - }, - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://support.citrix.com/article/CTX212736", - "refsource" : 
"CONFIRM", - "url" : "http://support.citrix.com/article/CTX212736" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa123", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa123" - }, - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160504-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160504-0001/" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl" - }, - { - "name" : "DSA-3566", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3566" - }, - { - "name" : "FEDORA-2016-05c567df1a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html" - }, - { - "name" : "FEDORA-2016-1411324654", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html" - }, - { - "name" : "FEDORA-2016-1e39d934ed", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html" - }, - { - "name" : "GLSA-201612-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-16" - }, - { - "name" : "RHSA-2016:0722", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0722.html" - }, - { - "name" : "RHSA-2016:0996", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0996.html" - }, - { - "name" : "RHSA-2016:1137", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1137" - }, - { - "name" : "RHSA-2016:2056", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2056.html" - }, - { - "name" : "RHSA-2016:2073", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2073.html" - }, - { 
- "name" : "RHSA-2016:2957", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" - }, - { - "name" : "RHSA-2017:0193", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0193" - }, - { - "name" : "RHSA-2017:0194", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0194" - }, - { - "name" : "SSA:2016-124-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103" - }, - { - "name" : "SUSE-SU-2016:1206", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" - }, - { - "name" : "SUSE-SU-2016:1228", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:1231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:1233", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" - }, - { - "name" : "openSUSE-SU-2016:1238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:1240", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" - }, - { - "name" : "openSUSE-SU-2016:1241", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" - }, - { - "name" : "SUSE-SU-2016:1267", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:1242", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:1243", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" - }, - { - "name" : "openSUSE-SU-2016:1273", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" - }, - { - "name" : "SUSE-SU-2016:1290", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" - }, - { - "name" : "SUSE-SU-2016:1360", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" - }, - { - "name" : "USN-2959-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2959-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "89752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89752" - }, - { - "name" : "1035721", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2016-124-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103" + }, + { + "name": "RHSA-2016:2056", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html" + }, + { + "name": "openSUSE-SU-2016:1238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" + }, + { + "name": "openSUSE-SU-2016:1242", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" + }, + { + "name": "SUSE-SU-2016:1267", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" + }, + { + "name": "RHSA-2016:2073", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us" + }, + { + "name": "DSA-3566", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3566" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": 
"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "openSUSE-SU-2016:1243", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" + }, + { + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" + }, + { + "name": "SUSE-SU-2016:1228", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" + }, + { + "name": "1035721", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035721" + }, + { + "name": "http://support.citrix.com/article/CTX212736", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX212736" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27" + }, + { + "name": "openSUSE-SU-2016:1239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" + }, + { + "name": "SUSE-SU-2016:1206", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345" + }, + { + "name": "FEDORA-2016-1e39d934ed", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html" + }, + { + "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl" + }, + { + "name": "SUSE-SU-2016:1231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "FEDORA-2016-1411324654", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html" + }, + { + "name": "openSUSE-SU-2016:1240", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862" + }, + { + "name": "openSUSE-SU-2016:1241", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "SUSE-SU-2016:1360", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "SUSE-SU-2016:1233", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" + }, + { + "name": "RHSA-2017:0194", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0194" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804" + }, + { + "name": "RHSA-2017:0193", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0193" + }, + { + "name": "openSUSE-SU-2016:1237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202" + }, + { + "name": "RHSA-2016:0996", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160504-0001/", + "refsource": "CONFIRM", + 
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "SUSE-SU-2016:1290", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" + }, + { + "name": "openSUSE-SU-2016:1273", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" + }, + { + "name": "RHSA-2016:2957", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" + }, + { + "name": "USN-2959-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2959-1" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "RHSA-2016:0722", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html" + }, + { + "name": "https://www.openssl.org/news/secadv/20160503.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160503.txt" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa123", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa123" + }, + { + "name": "89752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89752" + }, + { + "name": "FEDORA-2016-05c567df1a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html" + }, + { + "name": "RHSA-2016:1137", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1137" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": 
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2273.json b/2016/2xxx/CVE-2016-2273.json index 0ac22d468d0..be36ca315d8 100644 --- a/2016/2xxx/CVE-2016-2273.json +++ b/2016/2xxx/CVE-2016-2273.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2273", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2273", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2679.json b/2016/2xxx/CVE-2016-2679.json index e1891db1e00..4c3298b3a08 100644 --- a/2016/2xxx/CVE-2016-2679.json +++ b/2016/2xxx/CVE-2016-2679.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2679", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2679", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2744.json b/2016/2xxx/CVE-2016-2744.json index fbf631474f0..a25724b6174 100644 --- a/2016/2xxx/CVE-2016-2744.json +++ b/2016/2xxx/CVE-2016-2744.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2744", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2744", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2933.json b/2016/2xxx/CVE-2016-2933.json index e1b0386230b..580d2507235 100644 --- a/2016/2xxx/CVE-2016-2933.json +++ b/2016/2xxx/CVE-2016-2933.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991892", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991892" - }, - { - "name" : "IV89780", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89780" - }, - { - "name" : "94986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94986" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991892", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991892" + }, + { + "name": "IV89780", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89780" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6307.json b/2016/6xxx/CVE-2016-6307.json index 2525c444d9b..3aa8a4933e0 100644 --- a/2016/6xxx/CVE-2016-6307.json +++ b/2016/6xxx/CVE-2016-6307.json 
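Review bot: The one substantive change in the CVE-2016-2933 hunk is `"ASSIGNER": "psirt@us.ibm.com"` replacing `"ASSIGNER" : "cve@mitre.org"`, and it sits inside a change that otherwise only normalizes spacing and reorders the `reference_data` entries. Consumers presumably read this field to decide which CNA is responsible for the record, so the change is easy to miss in review here. It would be better carried in its own commit or called out in the commit message. The reference reordering (BID now first, AIXAPAR last) changes no content, and a stable sort in the serializer, for example by `refsource` then `name`, would stop that churn.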
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650" - }, - { - "name" : "https://www.openssl.org/news/secadv/20160922.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20160922.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : 
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa132", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa132" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-16", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-16" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-20", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-20" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-21", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-21" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "93152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93152" - }, - { - "name" : "1036885", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1036885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openssl.org/news/secadv/20160922.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160922.txt" + }, + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + }, + { + "name": "1036885", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036885" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-16" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + 
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa132", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa132" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "93152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93152" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18046.json b/2017/18xxx/CVE-2017-18046.json index e539e02bab6..e351c5f9925 100644 --- a/2017/18xxx/CVE-2017-18046.json +++ b/2017/18xxx/CVE-2017-18046.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.securiteam.com/index.php/archives/3552", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/3552" - }, - { - "name" : "https://pastebin.com/Yxd9S46A", - "refsource" : "MISC", - "url" : "https://pastebin.com/Yxd9S46A" - }, - { - "name" : "https://twitter.com/ankit_anubhav/status/982261670394249216", - "refsource" : "MISC", - "url" : "https://twitter.com/ankit_anubhav/status/982261670394249216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow on Dasan GPON ONT WiFi Router H640X 
12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/ankit_anubhav/status/982261670394249216", + "refsource": "MISC", + "url": "https://twitter.com/ankit_anubhav/status/982261670394249216" + }, + { + "name": "https://blogs.securiteam.com/index.php/archives/3552", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/3552" + }, + { + "name": "https://pastebin.com/Yxd9S46A", + "refsource": "MISC", + "url": "https://pastebin.com/Yxd9S46A" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1412.json b/2017/1xxx/CVE-2017-1412.json index 7f922018fc5..d0e506d7a49 100644 --- a/2017/1xxx/CVE-2017-1412.json +++ b/2017/1xxx/CVE-2017-1412.json 
@@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-01T00:00:00", - "ID" : "CVE-2017-1412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Identity Governance and Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.2.1" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.3.1" - }, - { - "version_value" : "5.2.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "4.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-01T00:00:00", + "ID": "CVE-2017-1412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Governance and Intelligence", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.2.1" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.3.1" + }, + { + "version_value": "5.2.3.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869" - }, - { - "name" : "ibm-sig-cve20171412-info-disc(127400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "4.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22016869", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869" + }, + { + "name": "ibm-sig-cve20171412-info-disc(127400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127400" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5181.json b/2017/5xxx/CVE-2017-5181.json index 67240d2ae69..cb2f04e7520 100644 --- a/2017/5xxx/CVE-2017-5181.json +++ b/2017/5xxx/CVE-2017-5181.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5181", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7692. Reason: This candidate is a reservation duplicate of CVE-2017-7692. Notes: All CVE users should reference CVE-2017-7692 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5181", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7692. Reason: This candidate is a reservation duplicate of CVE-2017-7692. Notes: All CVE users should reference CVE-2017-7692 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5244.json b/2017/5xxx/CVE-2017-5244.json index 857638740d4..dc7ca2c7c45 100644 --- a/2017/5xxx/CVE-2017-5244.json +++ b/2017/5xxx/CVE-2017-5244.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Metasploit (Pro, Express, and Community editions)", - "version" : { - "version_data" : [ - { - "version_value" : "< 4.14.0 (Update 2017061301)" - } - ] - } - } - ] - }, - "vendor_name" : "Rapid7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352 (Cross-Site Request Forgery)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Metasploit (Pro, Express, and Community editions)", + "version": { + "version_data": [ + { + "version_value": "< 4.14.0 (Update 2017061301)" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/", - "refsource" : "MISC", - "url" : "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/" - }, - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed", - "refsource" : "CONFIRM", - "url" : "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed" - }, - { - "name" : "99082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. 
As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 (Cross-Site Request Forgery)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99082" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed", + "refsource": "CONFIRM", + "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed" + }, + { + "name": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/", + "refsource": "MISC", + "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5352.json b/2017/5xxx/CVE-2017-5352.json index e6a0118b1cc..14b8db048d3 100644 --- a/2017/5xxx/CVE-2017-5352.json +++ b/2017/5xxx/CVE-2017-5352.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5895.json b/2017/5xxx/CVE-2017-5895.json index 7ac2a536536..5ee3efafb9f 100644 --- a/2017/5xxx/CVE-2017-5895.json +++ b/2017/5xxx/CVE-2017-5895.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5895", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5895", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file