diff --git a/2006/0xxx/CVE-2006-0194.json b/2006/0xxx/CVE-2006-0194.json
index 46366ab4bdf..b6eacfc0434 100644
--- a/2006/0xxx/CVE-2006-0194.json
+++ b/2006/0xxx/CVE-2006-0194.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 FogBugz Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421729/100/0/threaded" - }, - { - "name" : "http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html", - "refsource" : "CONFIRM", - "url" : "http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html" - }, - { - "name" : "16216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16216" - }, - { - "name" : "ADV-2006-0174", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0174" - }, - { - "name" : "22370", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22370" - }, - { - "name" : 
"18443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18443" - }, - { - "name" : "fogbugz-login-xss(24103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22370", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22370" + }, + { + "name": "ADV-2006-0174", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0174" + }, + { + "name": "20060112 FogBugz Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421729/100/0/threaded" + }, + { + "name": "http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html", + "refsource": "CONFIRM", + "url": "http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html" + }, + { + "name": "fogbugz-login-xss(24103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24103" + }, + { + "name": "18443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18443" + }, + { + "name": "16216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16216" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0519.json b/2006/0xxx/CVE-2006-0519.json index 5246fc5a928..9eb5d4cdf84 100644 --- a/2006/0xxx/CVE-2006-0519.json +++ b/2006/0xxx/CVE-2006-0519.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zone-h.org/en/advisories/read/id=8650/", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/en/advisories/read/id=8650/" - }, - { - "name" : "ADV-2006-0398", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0398" - }, - { - "name" : "18676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18676" - }, - { - "name" : "spip-incmessforum-path-disclosure(24399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SPIP 1.8.2-e and earlier and 
1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zone-h.org/en/advisories/read/id=8650/", + "refsource": "MISC", + "url": "http://www.zone-h.org/en/advisories/read/id=8650/" + }, + { + "name": "18676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18676" + }, + { + "name": "ADV-2006-0398", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0398" + }, + { + "name": "spip-incmessforum-path-disclosure(24399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0728.json b/2006/0xxx/CVE-2006-0728.json index 2dc4731051a..fecd9ba3390 100644 --- a/2006/0xxx/CVE-2006-0728.json +++ b/2006/0xxx/CVE-2006-0728.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en", - "refsource" : "CONFIRM", - "url" : "http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en" - }, - { - "name" : "16673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16673" - }, - { - "name" : "ADV-2006-0606", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0606" - }, - { - "name" : "18885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18885" - }, - { - "name" : "webspell-search-sql-injection(24708)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18885" + }, + { + "name": "http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en", + "refsource": "CONFIRM", + "url": "http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en" + }, + { + "name": "16673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16673" + }, + { + "name": "webspell-search-sql-injection(24708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24708" + }, + { + "name": "ADV-2006-0606", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0606" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1243.json b/2006/1xxx/CVE-2006-1243.json index cebab576266..68080692fae 100644 --- a/2006/1xxx/CVE-2006-1243.json +++ b/2006/1xxx/CVE-2006-1243.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1581", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1581" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=564904", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=564904" - }, - { - "name" : "Vendor ACK for CVE-2006-1243 (older Simple PHP Blog)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-November/001138.html" - }, - { - "name" : "17102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17102" - }, - { - 
"name" : "ADV-2006-1007", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1007" - }, - { - "name" : "19270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19270" - }, - { - "name" : "simplephpblog-install05-file-include(25322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Vendor ACK for CVE-2006-1243 (older Simple PHP Blog)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-November/001138.html" + }, + { + "name": "simplephpblog-install05-file-include(25322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25322" + }, + { + "name": "19270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19270" + }, + { + "name": "1581", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1581" + }, + { + "name": "17102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17102" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=564904", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=564904" + }, + { + "name": "ADV-2006-1007", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/1007" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1250.json b/2006/1xxx/CVE-2006-1250.json index 574f250b851..1768f333a67 100644 --- a/2006/1xxx/CVE-2006-1250.json +++ b/2006/1xxx/CVE-2006-1250.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.magicwinmail.net/changelog.asp", - "refsource" : "CONFIRM", - "url" : "http://www.magicwinmail.net/changelog.asp" - }, - { - "name" : "17009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17009" - }, - { - "name" : "ADV-2006-0858", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.magicwinmail.net/changelog.asp", + "refsource": "CONFIRM", + "url": "http://www.magicwinmail.net/changelog.asp" + }, + { + "name": "ADV-2006-0858", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0858" + }, + { + "name": "17009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17009" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1588.json b/2006/1xxx/CVE-2006-1588.json index b4686407e13..eaffd10615d 100644 --- a/2006/1xxx/CVE-2006-1588.json +++ b/2006/1xxx/CVE-2006-1588.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2006-005", - "refsource" : "NETBSD", - "url" : "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc" - }, - { - "name" : "17312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17312" - }, - { - "name" : "24262", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24262" - }, - { - "name" : "1015846", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015846" - }, - { - "name" : "19464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19464" - }, - { - "name" : "bsd-ifbridge-information-disclosure(25582)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25582" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17312" + }, + { + "name": "24262", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24262" + }, + { + "name": "19464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19464" + }, + { + "name": "bsd-ifbridge-information-disclosure(25582)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25582" + }, + { + "name": "NetBSD-SA2006-005", + "refsource": "NETBSD", + "url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc" + }, + { + "name": "1015846", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015846" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1632.json b/2006/1xxx/CVE-2006-1632.json index 212982d7817..89bc8eeee66 100644 --- a/2006/1xxx/CVE-2006-1632.json +++ b/2006/1xxx/CVE-2006-1632.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3568.json b/2006/3xxx/CVE-2006-3568.json index 14ed330277a..193503d2bc2 100644 --- a/2006/3xxx/CVE-2006-3568.json +++ b/2006/3xxx/CVE-2006-3568.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060711 Fantastic Guestbook v2.0.1 Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440152/100/100/threaded" - }, - { - "name" : "http://it.security.netsons.org/exploit/FGB.txt", - "refsource" : "MISC", - "url" : "http://it.security.netsons.org/exploit/FGB.txt" - }, - { - "name" : "18942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18942" - }, - { - "name" : "ADV-2006-2762", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2762" - }, - { - "name" : "27107", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27107" - }, - { - "name" : "21024", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/21024" - }, - { - "name" : "fantastic-guestbook-guestbook-xss(27697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://it.security.netsons.org/exploit/FGB.txt", + "refsource": "MISC", + "url": "http://it.security.netsons.org/exploit/FGB.txt" + }, + { + "name": "20060711 Fantastic Guestbook v2.0.1 Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440152/100/100/threaded" + }, + { + "name": "18942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18942" + }, + { + "name": "21024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21024" + }, + { + "name": "ADV-2006-2762", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2762" + }, + { + "name": "fantastic-guestbook-guestbook-xss(27697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27697" + }, + { + "name": "27107", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27107" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3709.json b/2006/3xxx/CVE-2006-3709.json index 62aa7bc85e8..dd2718e9ee3 100644 --- a/2006/3xxx/CVE-2006-3709.json +++ b/2006/3xxx/CVE-2006-3709.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4111.json b/2006/4xxx/CVE-2006-4111.json index 30e6bb46d9b..db1144bcd3f 100644 --- a/2006/4xxx/CVE-2006-4111.json +++ b/2006/4xxx/CVE-2006-4111.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with \"severe\" or \"serious\" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits" - }, - { - "name" : "GLSA-200608-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml" - }, - { - "name" : "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html", - "refsource" : "MISC", - "url" : "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html" - }, - { - "name" : "SUSE-SR:2006:021", - "refsource" : "SUSE", - "url" : 
"http://www.novell.com/linux/security/advisories/2006_21_sr.html" - }, - { - "name" : "19454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19454" - }, - { - "name" : "ADV-2006-3237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3237" - }, - { - "name" : "1016673", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016673" - }, - { - "name" : "21466", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21466" - }, - { - "name" : "21749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with \"severe\" or \"serious\" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21466", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21466" + }, + { + "name": "21749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21749" + }, + { + "name": "19454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19454" + }, + { + "name": "ADV-2006-3237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3237" + }, + { + "name": "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html", + "refsource": "MISC", + "url": "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html" + }, + { + "name": "SUSE-SR:2006:021", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html" + }, + { + "name": "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits" + }, + { + "name": "GLSA-200608-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml" + }, + { + "name": "1016673", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016673" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4261.json b/2006/4xxx/CVE-2006-4261.json index 0aa909b7dba..315869a6519 100644 --- a/2006/4xxx/CVE-2006-4261.json +++ b/2006/4xxx/CVE-2006-4261.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4261", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4253. Reason: This candidate is a duplicate of CVE-2006-4253. Notes: All CVE users should reference CVE-2006-4253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-4261", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4253. Reason: This candidate is a duplicate of CVE-2006-4253. Notes: All CVE users should reference CVE-2006-4253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4504.json b/2006/4xxx/CVE-2006-4504.json index 77bd785a8c4..517b2f25992 100644 --- a/2006/4xxx/CVE-2006-4504.json +++ b/2006/4xxx/CVE-2006-4504.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060912 [eVuln] NX5Linkx Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445916/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/138/", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/138/" - }, - { - "name" : "20010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20010" - }, - { - "name" : "ADV-2006-3631", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3631" - }, - { - "name" : "21922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21922" - }, - { - "name" : "nx5linkx-sql-injection(28602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28602" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21922" + }, + { + "name": "http://www.evuln.com/vulns/138/", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/138/" + }, + { + "name": "20010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20010" + }, + { + "name": "nx5linkx-sql-injection(28602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28602" + }, + { + "name": "20060912 [eVuln] NX5Linkx Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445916/100/0/threaded" + }, + { + "name": "ADV-2006-3631", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3631" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4674.json b/2006/4xxx/CVE-2006-4674.json index 0d23e5d67d2..b331b350bbc 100644 --- a/2006/4xxx/CVE-2006-4674.json +++ b/2006/4xxx/CVE-2006-4674.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445516/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html" - }, - { - "name" : "http://bugs.splitbrain.org/index.php?do=details&id=906", - "refsource" : "CONFIRM", - "url" : "http://bugs.splitbrain.org/index.php?do=details&id=906" - }, - { - "name" : "GLSA-200609-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-10.xml" - }, - { - "name" : "21819", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/21819" - }, - { - "name" : "21936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21936" - }, - { - "name" : "1537", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html" + }, + { + "name": "1537", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1537" + }, + { + "name": "http://bugs.splitbrain.org/index.php?do=details&id=906", + "refsource": "CONFIRM", + "url": "http://bugs.splitbrain.org/index.php?do=details&id=906" + }, + { + "name": "GLSA-200609-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-10.xml" + }, + { + "name": "21936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21936" + }, + { + "name": "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445516/100/0/threaded" + }, + { + "name": "21819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21819" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2554.json b/2010/2xxx/CVE-2010-2554.json index c6dfd4b9eda..3c2c7d28b2e 100644 --- a/2010/2xxx/CVE-2010-2554.json 
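Review bot: The description on the new side of the CVE-2006-4674 hunk still gives the fixed release as `2006-030-09c`, which does not look like a valid DokuWiki date-style version. The BUGTRAQ reference name and the retrogod URL in the same record both use `2006-03-09b`, so the intended value is presumably `2006-03-09c`; confirm against the vendor bug entry before changing it. Since this commit already rewrites the line, it would be the natural place to correct the string, because version-matching tools that parse the description would otherwise not resolve the affected range.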
+++ b/2010/2xxx/CVE-2010-2554.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka \"Tracing Registry Key ACL Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059" - }, - { - "name" : "oval:org.mitre.oval:def:12082", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 
has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka \"Tracing Registry Key ACL Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12082", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12082" + }, + { + "name": "MS10-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2656.json b/2010/2xxx/CVE-2010-2656.json index 1be84442348..7c1a7a74ab9 100644 --- a/2010/2xxx/CVE-2010-2656.json +++ b/2010/2xxx/CVE-2010-2656.json 
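Review bot: The `ASSIGNER` value in the CVE-2010-2554 hunk changes from `cve@mitre.org` to `secure@microsoft.com`, a data change that is easy to miss among the whitespace-only rewrites and reference reordering that make up the rest of the diff. The same kind of reassignment appears in the hunks for CVE-2010-2819 (`psirt@cisco.com`), CVE-2010-3503 (`secalert_us@oracle.com`) and CVE-2010-3628 (`psirt@adobe.com`, whose hunk continues past the visible part of the page). Consumers that attribute, filter or trust records by assigner will see these entries move to a different CNA. It would help to land the reassignment separately from the formatting pass, or to name the affected IDs in the commit message, so each change can be audited against the CNA that owns the ID.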
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14237", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14237/" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=154", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=154" - }, - { - "name" : "41383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41383" - }, - { - "name" : "66123", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14237", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14237/" + }, + { + "name": "41383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41383" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=154", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=154" + }, + { + "name": "66123", + "refsource": "OSVDB", + "url": "http://osvdb.org/66123" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2819.json b/2010/2xxx/CVE-2010-2819.json index c8958e3dd55..b1cd491748e 100644 --- a/2010/2xxx/CVE-2010-2819.json +++ b/2010/2xxx/CVE-2010-2819.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100804 Multiple Vulnerabilities in Cisco Firewall Services Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f130.shtml" - }, - { - "name" : "40843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SunRPC inspection feature on the 
Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40843" + }, + { + "name": "20100804 Multiple Vulnerabilities in Cisco Firewall Services Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f130.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2844.json b/2010/2xxx/CVE-2010-2844.json index e6c5867cc29..fb53e81731a 100644 --- a/2010/2xxx/CVE-2010-2844.json +++ b/2010/2xxx/CVE-2010-2844.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cross-site-scripting.blogspot.com/2010/07/news-office-2018-reflected-xss.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/07/news-office-2018-reflected-xss.html" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/newsoffice-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/newsoffice-xss.txt" - }, - { - "name" : "41419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41419" - }, - { - "name" : "ADV-2010-1723", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1723" - }, - { - "name" : "newsoffice-newsshow-xss(60182)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/60182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1723", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1723" + }, + { + "name": "newsoffice-newsshow-xss(60182)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60182" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/newsoffice-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/newsoffice-xss.txt" + }, + { + "name": "41419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41419" + }, + { + "name": "http://cross-site-scripting.blogspot.com/2010/07/news-office-2018-reflected-xss.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/07/news-office-2018-reflected-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2998.json b/2010/2xxx/CVE-2010-2998.json index 67bb67ba0c8..de41ef33eb8 100644 --- a/2010/2xxx/CVE-2010-2998.json +++ b/2010/2xxx/CVE-2010-2998.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a \"malformed IVR pointer index\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-209/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-209/" - }, - { - "name" : "http://service.real.com/realplayer/security/10152010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/10152010_player/en/" - }, - { - "name" : "44144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in RealNetworks RealPlayer 11.0 through 
11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a \"malformed IVR pointer index\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44144" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-209/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-209/" + }, + { + "name": "http://service.real.com/realplayer/security/10152010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/10152010_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3503.json b/2010/3xxx/CVE-2010-3503.json index 8b9e9069c76..b718a839312 100644 --- a/2010/3xxx/CVE-2010-3503.json +++ b/2010/3xxx/CVE-2010-3503.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3628.json b/2010/3xxx/CVE-2010-3628.json index 8912f3005ef..0b9c5b50b53 100644 --- a/2010/3xxx/CVE-2010-3628.json +++ b/2010/3xxx/CVE-2010-3628.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" 
: "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7455", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7455" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "oval:org.mitre.oval:def:7455", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7455" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3732.json b/2010/3xxx/CVE-2010-3732.json index 1320df26c25..c958fbb42f3 100644 --- a/2010/3xxx/CVE-2010-3732.json +++ b/2010/3xxx/CVE-2010-3732.json 
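Review bot: The `reference_data` array comes out in a different order on the new side although it holds the same nine entries; the `CONFIRM` entry for apsb10-21, for example, moves from first to seventh. With the spacing rewrite on every line as well, a reviewer cannot tell at a glance whether a reference was added, dropped or altered, and that is the one thing worth auditing in an advisory record. The hunks for CVE-2010-3732, CVE-2010-4349, CVE-2010-4360, CVE-2011-1067, CVE-2011-1238, CVE-2011-5275, CVE-2014-3095 and CVE-2014-3309 are reordered in the same way. If a tool produces these files, emitting references in a stable order (for instance by `refsource`, then `name`) would keep later diffs down to real content changes.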
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "IZ56428", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428" - }, - { - "name" : "oval:org.mitre.oval:def:14219", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14219", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219" + }, + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "IZ56428", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4349.json b/2010/4xxx/CVE-2010-4349.json index ca224260321..a9ae311ee63 100644 --- a/2010/4xxx/CVE-2010-4349.json +++ b/2010/4xxx/CVE-2010-4349.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/15/4" - }, - { - "name" : "[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/16/1" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php" - }, - { - 
"name" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=12607", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=12607" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=663230", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=663230" - }, - { - "name" : "http://www.mantisbt.org/blog/?p=123", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/blog/?p=123" - }, - { - "name" : "FEDORA-2010-19070", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html" - }, - { - "name" : "FEDORA-2010-19078", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html" - }, - { - "name" : "GLSA-201211-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201211-01.xml" - }, - { - "name" : "42772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42772" - }, - { - "name" : "51199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51199" - }, - { - "name" : "ADV-2011-0002", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0002" - }, - { - "name" : "mantisbt-dbtype-path-disclosure(64463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in 
the ADOdb Library for PHP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0002", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0002" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php" + }, + { + "name": "[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/16/1" + }, + { + "name": "GLSA-201211-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml" + }, + { + "name": "http://www.mantisbt.org/blog/?p=123", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/blog/?p=123" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=12607", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=12607" + }, + { + "name": "mantisbt-dbtype-path-disclosure(64463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64463" + }, + { + "name": "51199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51199" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=663230", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663230" + }, + { + "name": "FEDORA-2010-19078", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html" + }, + { + "name": "[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/15/4" + }, + { + "name": "42772", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/42772" + }, + { + "name": "FEDORA-2010-19070", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html" + }, + { + "name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4360.json b/2010/4xxx/CVE-2010-4360.json index 52a27662126..58845090253 100644 --- a/2010/4xxx/CVE-2010-4360.json +++ b/2010/4xxx/CVE-2010-4360.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45076" - }, - { - "name" : "42387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42387" + }, + { + "name": "45076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45076" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1067.json b/2011/1xxx/CVE-2011-1067.json index e0863762cd7..9a94a92239d 100644 --- a/2011/1xxx/CVE-2011-1067.json +++ b/2011/1xxx/CVE-2011-1067.json 
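Review bot: The new side of this file ends with `\ No newline at end of file` after the closing `}`, and the old side's final `}` has no such marker, so the rewrite drops the trailing newline. Every hunk in this part of the diff ends the same way. Files kept in version control should end with a newline, so that line-oriented tools and later patches do not report a spurious change on the last line. Writing the final `\n` when the record is serialized fixes this.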
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://directory.fedoraproject.org/wiki/Release_Notes", - "refsource" : "CONFIRM", - "url" : "http://directory.fedoraproject.org/wiki/Release_Notes" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=668619", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=668619" - }, - { - "name" : "43566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43566" - }, - { - "name" : "rhds-simple-paged-dos(65769)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/65769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43566" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=668619", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668619" + }, + { + "name": "rhds-simple-paged-dos(65769)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65769" + }, + { + "name": "http://directory.fedoraproject.org/wiki/Release_Notes", + "refsource": "CONFIRM", + "url": "http://directory.fedoraproject.org/wiki/Release_Notes" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1238.json b/2011/1xxx/CVE-2011-1238.json index 2c591c01f07..9fdc04d4817 100644 --- a/2011/1xxx/CVE-2011-1238.json +++ b/2011/1xxx/CVE-2011-1238.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, 
- { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47215" - }, - { - "name" : "71753", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71753" - }, - { - "name" : "oval:org.mitre.oval:def:12417", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12417" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var26-priv-escalation(66420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + 
"refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "mswin-win32k-var26-priv-escalation(66420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66420" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "47215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47215" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "71753", + "refsource": "OSVDB", + "url": "http://osvdb.org/71753" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + }, + { + "name": "oval:org.mitre.oval:def:12417", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12417" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5275.json b/2011/5xxx/CVE-2011-5275.json index c4b24768a84..13f48dad7ab 100644 --- a/2011/5xxx/CVE-2011-5275.json +++ b/2011/5xxx/CVE-2011-5275.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618" - }, - { - "name" : "DSA-2365", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618" + }, + { + "name": "DSA-2365", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2365" + }, + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3095.json b/2014/3xxx/CVE-2014-3095.json index 37c30308940..db80005f871 100644 --- a/2014/3xxx/CVE-2014-3095.json +++ b/2014/3xxx/CVE-2014-3095.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681623", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681623" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683297", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683297" - }, - { - "name" : "IT02433", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433" - }, - { - "name" : "IT02643", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643" - }, - { - "name" : "IT02644", - "refsource" 
: "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644" - }, - { - "name" : "IT02645", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645" - }, - { - "name" : "IT02646", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646" - }, - { - "name" : "69546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69546" - }, - { - "name" : "60845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60845" - }, - { - "name" : "58725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58725" - }, - { - "name" : "ibm-db2-cve20143095-dos(94263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623" + }, + { + "name": "IT02644", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297" + }, + { + "name": "69546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69546" + }, + { + "name": "IT02645", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645" + }, + { + "name": "ibm-db2-cve20143095-dos(94263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94263" + }, + { + "name": "58725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58725" + }, + { + "name": "IT02643", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643" + }, + { + "name": "IT02433", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433" + }, + { + "name": "IT02646", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646" + }, + { + "name": "60845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60845" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3309.json b/2014/3xxx/CVE-2014-3309.json index 86cae9caac4..919ad871337 100644 --- a/2014/3xxx/CVE-2014-3309.json +++ b/2014/3xxx/CVE-2014-3309.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a \"deny all\" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140708 Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309" - }, - { - "name" : "68463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68463" - }, - { - "name" : "1030549", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030549" - }, - { - "name" : "ciscoios-cve20143309-info-disc(94420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a \"deny all\" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030549", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030549" + }, + { + "name": "20140708 Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309" + }, + { + "name": "68463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68463" + }, + { + "name": "ciscoios-cve20143309-info-disc(94420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94420" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3315.json b/2014/3xxx/CVE-2014-3315.json index 1d29fbf837c..ca7cd9b55ce 100644 --- a/2014/3xxx/CVE-2014-3315.json +++ b/2014/3xxx/CVE-2014-3315.json 
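Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@cisco.com` in a hunk that otherwise only rewrites key spacing (`"ID" : ` to `"ID": `) and reorders the `reference_data` entries, so the one semantic change is easy to miss when every line is marked as changed. The same pattern appears in the hunks for CVE-2014-3315 (`psirt@cisco.com`), CVE-2014-3634 and CVE-2014-8130 (`secalert@redhat.com`) and CVE-2014-8820 (`product-security@apple.com`). Consumers that attribute or filter records by assigner would be better served if these attribution changes landed in a commit separate from the reformat, or were at least named in the commit message. The new side of each file also ends with `\ No newline at end of file`; keeping a final newline after the closing `}` avoids spurious whole-line diffs on the next regeneration.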
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900" - }, - { - "name" : "20140709 Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315" - }, - { - "name" : "68477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68477" - }, - { - "name" : "59739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59739" - }, - { - "name" : "cucm-cve20143315-xss(94430)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140709 Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900" + }, + { + "name": "68477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68477" + }, + { + "name": "59739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59739" + }, + { + "name": "cucm-cve20143315-xss(94430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3334.json b/2014/3xxx/CVE-2014-3334.json index f524b44fce6..23fea8c9171 100644 --- a/2014/3xxx/CVE-2014-3334.json +++ b/2014/3xxx/CVE-2014-3334.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3334", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3334", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3634.json b/2014/3xxx/CVE-2014-3634.json index 6c52acf3979..32e1e3b1547 100644 --- a/2014/3xxx/CVE-2014-3634.json +++ b/2014/3xxx/CVE-2014-3634.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140930 vulnerability in rsyslog", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/30/15" - }, - { - "name" : "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/03/1" - }, - { - "name" : "http://www.rsyslog.com/remote-syslog-pri-vulnerability/", - "refsource" : "CONFIRM", - "url" : "http://www.rsyslog.com/remote-syslog-pri-vulnerability/" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1654", - "refsource" : "CONFIRM", - "url" : 
"http://linux.oracle.com/errata/ELSA-2014-1654" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0411.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0411.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3040", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3040" - }, - { - "name" : "MDVSA-2015:130", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:130" - }, - { - "name" : "RHSA-2014:1397", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1397.html" - }, - { - "name" : "RHSA-2014:1654", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1654.html" - }, - { - "name" : "RHSA-2014:1671", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1671.html" - }, - { - "name" : "SUSE-SU-2014:1294", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html" - }, - { - "name" : "openSUSE-SU-2014:1297", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html" - }, - { - "name" : "openSUSE-SU-2014:1298", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html" - }, - { - "name" : "USN-2381-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2381-1" - }, - { - "name" : "61494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61494" - }, - { - "name" : "61720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61720" - }, - { - "name" : "61930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1297", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html" + }, + { + "name": "RHSA-2014:1671", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1671.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0411.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0411.html" + }, + { + "name": "SUSE-SU-2014:1294", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html" + }, + { + "name": "openSUSE-SU-2014:1298", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html" + }, + { + "name": "RHSA-2014:1654", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1654.html" + }, + { + "name": "61720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61720" + }, + { + "name": "MDVSA-2015:130", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:130" + }, + { + "name": "[oss-security] 20140930 vulnerability in rsyslog", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/30/15" + }, + { + "name": "61494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61494" + }, + { + "name": "RHSA-2014:1397", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2014-1397.html" + }, + { + "name": "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/03/1" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1654", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1654" + }, + { + "name": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/", + "refsource": "CONFIRM", + "url": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/" + }, + { + "name": "USN-2381-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2381-1" + }, + { + "name": "DSA-3040", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3040" + }, + { + "name": "61930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61930" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7212.json b/2014/7xxx/CVE-2014-7212.json index 7f7bcf1dc26..766f8f39859 100644 --- a/2014/7xxx/CVE-2014-7212.json +++ b/2014/7xxx/CVE-2014-7212.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7212", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7212", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8130.json b/2014/8xxx/CVE-2014-8130.json index e16f18f80c5..234678b396a 100644 --- a/2014/8xxx/CVE-2014-8130.json +++ b/2014/8xxx/CVE-2014-8130.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/01/24/15" - }, - { - "name" : "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt", - "refsource" : "MISC", - "url" : "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2483", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2483" - }, - { - "name" : "http://support.apple.com/kb/HT204941", - 
"refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204941" - }, - { - "name" : "http://support.apple.com/kb/HT204942", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204942" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185817", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185817" - }, - { - "name" : "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543", - "refsource" : "CONFIRM", - "url" : "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543" - }, - { - "name" : "APPLE-SA-2015-06-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-06-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "RHSA-2016:1546", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html" - }, - { - "name" : "RHSA-2016:1547", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html" - }, - { - "name" : "72353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72353" - }, - { - "name" : "1032760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT204941", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204941" + }, + { + "name": "RHSA-2016:1547", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html" + }, + { + "name": "72353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72353" + }, + { + "name": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543", + "refsource": "CONFIRM", + "url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543" + }, + { + "name": "APPLE-SA-2015-06-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" + }, + { + "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/01/24/15" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "1032760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032760" + }, + { + "name": "http://support.apple.com/kb/HT204942", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204942" + }, + { + "name": "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt", + "refsource": "MISC", + "url": "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt" + }, + { + "name": "APPLE-SA-2015-06-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" + }, + { + "name": "RHSA-2016:1546", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1185817", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2483", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2483" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8820.json b/2014/8xxx/CVE-2014-8820.json index d2c9047e5d2..0480b4a5d34 100644 --- a/2014/8xxx/CVE-2014-8820.json +++ b/2014/8xxx/CVE-2014-8820.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - }, - { - "name" : "macosx-cve20148820-priv-esc(100501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Intel Graphics Driver in 
Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + }, + { + "name": "macosx-cve20148820-priv-esc(100501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100501" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9156.json b/2014/9xxx/CVE-2014-9156.json index 6d57ae1f6a8..5f45b505b22 100644 --- a/2014/9xxx/CVE-2014-9156.json +++ b/2014/9xxx/CVE-2014-9156.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2304561", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2304561" - }, - { - "name" : "http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1", - "refsource" : "CONFIRM", - "url" : "http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1" - }, - { - "name" : "https://www.drupal.org/node/2304517", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2304517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to 
view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2304517", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2304517" + }, + { + "name": "https://www.drupal.org/node/2304561", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2304561" + }, + { + "name": "http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1", + "refsource": "CONFIRM", + "url": "http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9370.json b/2014/9xxx/CVE-2014-9370.json index d88a0b87113..5aa410a5a2d 100644 --- a/2014/9xxx/CVE-2014-9370.json +++ b/2014/9xxx/CVE-2014-9370.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9370", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9370", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9586.json b/2014/9xxx/CVE-2014-9586.json index 1ba281aafdd..e61422be375 100644 --- a/2014/9xxx/CVE-2014-9586.json +++ b/2014/9xxx/CVE-2014-9586.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9586", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9586", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9626.json b/2014/9xxx/CVE-2014-9626.json index a447178897c..fc8c59c1581 100644 --- a/2014/9xxx/CVE-2014-9626.json +++ b/2014/9xxx/CVE-2014-9626.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9626", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9626", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9812.json b/2014/9xxx/CVE-2014-9812.json index 37a1b0f1180..f7ca00404d4 100644 --- a/2014/9xxx/CVE-2014-9812.json +++ b/2014/9xxx/CVE-2014-9812.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9812",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9812",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
- },
- {
- "name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
- },
- {
- "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8",
- "refsource" : "CONFIRM",
- "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343468",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343468"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20160602 Re: ImageMagick CVEs",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
+ },
+ {
+ "name": "[oss-security] 20141224 Imagemagick fuzzing bug",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343468",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343468"
+ },
+ {
+ "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8",
+ "refsource": "CONFIRM",
+ "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2100.json b/2016/2xxx/CVE-2016-2100.json
index 510909e213c..e80a0509d90 100644
--- a/2016/2xxx/CVE-2016-2100.json
+++ b/2016/2xxx/CVE-2016-2100.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert@redhat.com",
- "ID" : "CVE-2016-2100",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2016-2100",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20160331 CVE-2016-2100: Foreman private bookmarks can be viewed and edited",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/03/31/2"
- },
- {
- "name" : "http://projects.theforeman.org/issues/13828",
- "refsource" : "CONFIRM",
- "url" : "http://projects.theforeman.org/issues/13828"
- },
- {
- "name" : "http://theforeman.org/security.html#2016-2100",
- "refsource" : "CONFIRM",
- "url" : "http://theforeman.org/security.html#2016-2100"
- },
- {
- "name" : "RHBA-2016:1500",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHBA-2016:1500"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHBA-2016:1500",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHBA-2016:1500"
+ },
+ {
+ "name": "[oss-security] 20160331 CVE-2016-2100: Foreman private bookmarks can be viewed and edited",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/03/31/2"
+ },
+ {
+ "name": "http://projects.theforeman.org/issues/13828",
+ "refsource": "CONFIRM",
+ "url": "http://projects.theforeman.org/issues/13828"
+ },
+ {
+ "name": "http://theforeman.org/security.html#2016-2100",
+ "refsource": "CONFIRM",
+ "url": "http://theforeman.org/security.html#2016-2100"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2178.json b/2016/2xxx/CVE-2016-2178.json
index 5e352725891..9ce7a6534dd 100644
--- a/2016/2xxx/CVE-2016-2178.json
+++ b/2016/2xxx/CVE-2016-2178.json
@@ -1,237 +1,237 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert@redhat.com",
- "ID" : "CVE-2016-2178",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2016-2178",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/06/08/2"
- },
- {
- "name" : "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/06/09/8"
- },
- {
- "name" : "http://eprint.iacr.org/2016/594.pdf",
- "refsource" : "MISC",
- "url" : "http://eprint.iacr.org/2016/594.pdf"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343400",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
- },
- {
- "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2",
- "refsource" : "CONFIRM",
- "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
- },
- {
- "name" : "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
- "refsource" : "CONFIRM",
- "url" : "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
- },
- {
- "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
- "refsource" : "CONFIRM",
- "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
- },
- {
- "name" : "http://www.splunk.com/view/SP-CAAAPSV",
- "refsource" : "CONFIRM",
- "url" : "http://www.splunk.com/view/SP-CAAAPSV"
- },
- {
- "name" : "http://www.splunk.com/view/SP-CAAAPUE",
- "refsource" : "CONFIRM",
- "url" : "http://www.splunk.com/view/SP-CAAAPUE"
- },
- {
- "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
- "refsource" : "CONFIRM",
- "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
- },
- {
- "name" : "https://bto.bluecoat.com/security-advisory/sa132",
- "refsource" : "CONFIRM",
- "url" : "https://bto.bluecoat.com/security-advisory/sa132"
- },
- {
- "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
- "refsource" : "CONFIRM",
- "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
- },
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
- },
- {
- "name" : "https://www.tenable.com/security/tns-2016-16",
- "refsource" : "CONFIRM",
- "url" : "https://www.tenable.com/security/tns-2016-16"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
- },
- {
- "name" : "https://www.tenable.com/security/tns-2016-20",
- "refsource" : "CONFIRM",
- "url" : "https://www.tenable.com/security/tns-2016-20"
- },
- {
- "name" : "https://www.tenable.com/security/tns-2016-21",
- "refsource" : "CONFIRM",
- "url" : "https://www.tenable.com/security/tns-2016-21"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
- },
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"
- },
- {
- "name" : "FreeBSD-SA-16:26",
- "refsource" : "FREEBSD",
- "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
- },
- {
- "name" : "GLSA-201612-16",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201612-16"
- },
- {
- "name" : "RHSA-2016:1940",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
- },
- {
- "name" : "RHSA-2016:2957",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
- },
- {
- "name" : "RHSA-2017:0193",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:0193"
- },
- {
- "name" : "RHSA-2017:0194",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:0194"
- },
- {
- "name" : "RHSA-2017:1658",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1658"
- },
- {
- "name" : "RHSA-2017:1659",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
- },
- {
- "name" : "SUSE-SU-2016:2470",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
- },
- {
- "name" : "91081",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/91081"
- },
- {
- "name" : "1036054",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1036054"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.tenable.com/security/tns-2016-20",
+ "refsource": "CONFIRM",
+ "url": "https://www.tenable.com/security/tns-2016-20"
+ },
+ {
+ "name": "http://www.splunk.com/view/SP-CAAAPUE",
+ "refsource": "CONFIRM",
+ "url": "http://www.splunk.com/view/SP-CAAAPUE"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
+ },
+ {
+ "name": "RHSA-2017:1659",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
+ },
+ {
+ "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"
+ },
+ {
+ "name": "RHSA-2017:1658",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1658"
+ },
+ {
+ "name": "RHSA-2016:1940",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
+ },
+ {
+ "name": "GLSA-201612-16",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201612-16"
+ },
+ {
+ "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
+ "refsource": "CONFIRM",
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
+ },
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"
+ },
+ {
+ "name": "http://www.splunk.com/view/SP-CAAAPSV",
+ "refsource": "CONFIRM",
+ "url": "http://www.splunk.com/view/SP-CAAAPSV"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
+ },
+ {
+ "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
+ "refsource": "CONFIRM",
+ "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
+ },
+ {
+ "name": "https://www.tenable.com/security/tns-2016-16",
+ "refsource": "CONFIRM",
+ "url": "https://www.tenable.com/security/tns-2016-16"
+ },
+ {
+ "name": "https://www.tenable.com/security/tns-2016-21",
+ "refsource": "CONFIRM",
+ "url": "https://www.tenable.com/security/tns-2016-21"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
+ },
+ {
+ "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2",
+ "refsource": "CONFIRM",
+ "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
+ },
+ {
+ "name": "91081",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/91081"
+ },
+ {
+ "name": "RHSA-2017:0194",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:0194"
+ },
+ {
+ "name": "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"
+ },
+ {
+ "name": "RHSA-2017:0193",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:0193"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
+ },
+ {
+ "name": "RHSA-2016:2957",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
+ },
+ {
+ "name": "https://bto.bluecoat.com/security-advisory/sa132",
+ "refsource": "CONFIRM",
+ "url": "https://bto.bluecoat.com/security-advisory/sa132"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
+ },
+ {
+ "name": "FreeBSD-SA-16:26",
+ "refsource": "FREEBSD",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
+ },
+ {
+ "name": "SUSE-SU-2016:2470",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
+ },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
+ },
+ {
+ "name": "1036054",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1036054"
+ },
+ {
+ "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
+ "refsource": "CONFIRM",
+ "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
+ },
+ {
+ "name": "http://eprint.iacr.org/2016/594.pdf",
+ "refsource": "MISC",
+ "url": "http://eprint.iacr.org/2016/594.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2731.json b/2016/2xxx/CVE-2016-2731.json
index fb242b1a65a..75e876ddfde 100644
--- a/2016/2xxx/CVE-2016-2731.json
+++ b/2016/2xxx/CVE-2016-2731.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-2731",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-2731",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6086.json b/2016/6xxx/CVE-2016-6086.json
index 53394c98af5..4f7a662b186 100644
--- a/2016/6xxx/CVE-2016-6086.json
+++ b/2016/6xxx/CVE-2016-6086.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6086",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-6086",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6609.json b/2016/6xxx/CVE-2016-6609.json
index bc816adfb34..0cbd3a4b47f 100644
--- a/2016/6xxx/CVE-2016-6609.json
+++ b/2016/6xxx/CVE-2016-6609.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6609",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-6609",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
- },
- {
- "name" : "https://www.phpmyadmin.net/security/PMASA-2016-32",
- "refsource" : "CONFIRM",
- "url" : "https://www.phpmyadmin.net/security/PMASA-2016-32"
- },
- {
- "name" : "GLSA-201701-32",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201701-32"
- },
- {
- "name" : "94112",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/94112"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "94112",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94112"
+ },
+ {
+ "name": "https://www.phpmyadmin.net/security/PMASA-2016-32",
+ "refsource": "CONFIRM",
+ "url": "https://www.phpmyadmin.net/security/PMASA-2016-32"
+ },
+ {
+ "name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
+ },
+ {
+ "name": "GLSA-201701-32",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201701-32"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7044.json b/2016/7xxx/CVE-2016-7044.json
index 7e6d8ca03f7..3686aec8fd1 100644
--- a/2016/7xxx/CVE-2016-7044.json
+++ b/2016/7xxx/CVE-2016-7044.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7044",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-7044",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://irssi.org/security/irssi_sa_2016.txt",
- "refsource" : "CONFIRM",
- "url" : "https://irssi.org/security/irssi_sa_2016.txt"
- },
- {
- "name" : "DSA-3672",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2016/dsa-3672"
- },
- {
- "name" : "USN-3086-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-3086-1"
- },
- {
- "name" : "1036868",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1036868"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-3672",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2016/dsa-3672"
+ },
+ {
+ "name": "https://irssi.org/security/irssi_sa_2016.txt",
+ "refsource": "CONFIRM",
+ "url": "https://irssi.org/security/irssi_sa_2016.txt"
+ },
+ {
+ "name": "1036868",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1036868"
+ },
+ {
+ "name": "USN-3086-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-3086-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7154.json b/2016/7xxx/CVE-2016-7154.json
index 17b226fb442..32f237838d5 100644
--- a/2016/7xxx/CVE-2016-7154.json
+++ b/2016/7xxx/CVE-2016-7154.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf", - "refsource" : "MISC", - "url" : "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf" - }, - { - "name" : "http://support.citrix.com/article/CTX216071", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX216071" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-188.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-188.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa188.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa188.patch" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "DSA-3663", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3663" - }, - { - "name" : "92863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92863" - }, - { - "name" : "1036754", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "92863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92863" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-188.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-188.html" + }, + { + "name": "DSA-3663", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3663" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa188.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa188.patch" + }, + { + "name": "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf", + "refsource": "MISC", + "url": 
"http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf" + }, + { + "name": "http://support.citrix.com/article/CTX216071", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX216071" + }, + { + "name": "1036754", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036754" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7392.json b/2016/7xxx/CVE-2016-7392.json index 0bb67dbaf1f..2b910b7d46d 100644 --- a/2016/7xxx/CVE-2016-7392.json +++ b/2016/7xxx/CVE-2016-7392.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160910 Re: autotrace: out-of-bounds write", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/10/3" - }, - { - "name" : "[oss-security] 20160913 Re: autotrace: out-of-bounds write", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/12/7" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1375255", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1375255" - }, - { - "name" : "GLSA-201708-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-09" - }, - { - "name" : "92907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201708-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-09" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/" + }, + { + "name": "[oss-security] 20160910 Re: autotrace: out-of-bounds write", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/10/3" + }, + { + "name": "92907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92907" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1375255", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375255" + }, + { + "name": "[oss-security] 20160913 Re: autotrace: out-of-bounds write", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/12/7" + } + ] + } +} \ No newline at end of 
file diff --git a/2017/1001xxx/CVE-2017-1001000.json b/2017/1001xxx/CVE-2017-1001000.json index e11a230621e..c45a62aebc1 100644 --- a/2017/1001xxx/CVE-2017-1001000.json +++ b/2017/1001xxx/CVE-2017-1001000.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1001000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "josh@bress.net", + "ID": "CVE-2017-1001000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170210 Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/10/16" - }, - { - "name" : "https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html", - "refsource" : "MISC", - "url" : "https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html" - }, - { - "name" : 
"https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html", - "refsource" : "MISC", - "url" : "https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html" - }, - { - "name" : "https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab", - "refsource" : "MISC", - "url" : "https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab" - }, - { - "name" : "https://codex.wordpress.org/Version_4.7.2", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.7.2" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7", - "refsource" : "CONFIRM", - "url" : "https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7" - }, - { - "name" : "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/", - "refsource" : "CONFIRM", - "url" : "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/" - }, - { - "name" : "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/" - }, - { - "name" : "1037731", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codex.wordpress.org/Version_4.7.2", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.7.2" + }, + { + "name": "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/", + "refsource": "CONFIRM", + "url": "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/" + }, + { + "name": "https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html", + "refsource": "MISC", + "url": "https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html" + }, + { + "name": "https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab", + "refsource": "MISC", + "url": "https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab" + }, + { + "name": "https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html", + "refsource": "MISC", + "url": "https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7", + "refsource": "CONFIRM", + "url": "https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7" + }, + { + "name": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/" + }, + { + "name": "[oss-security] 20170210 Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/10/16" + }, + { + "name": "1037731", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037731" + } + ] + } +} \ No newline at end of 
file diff --git a/2017/5xxx/CVE-2017-5250.json b/2017/5xxx/CVE-2017-5250.json index 342acce01d3..6980e5d252b 100644 --- a/2017/5xxx/CVE-2017-5250.json +++ b/2017/5xxx/CVE-2017-5250.json 
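Review bot: The `ASSIGNER` value for CVE-2017-1001000 changes from `cve@mitre.org` to `josh@bress.net` in this hunk, and it is the only field value that changes in any of the record hunks visible here. The other hunks only touch colon spacing, indentation, the order of `reference_data` entries and the trailing newline. The new assigner may well be correct, but nothing on the page explains it, and a provenance field edited inside a bulk reformat is easy to miss in review. I would either keep `"ASSIGNER": "cve@mitre.org"` in this commit or move `"ASSIGNER": "josh@bress.net"` into its own commit with the reason stated. Consumers that attribute or filter records by assigner will otherwise see this record change owner with no trace of why.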
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Insteon for Hub", - "version" : { - "version_data" : [ - { - "version_value" : "1.9.7" - } - ] - } - } - ] - }, - "vendor_name" : "Insteon" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-922 (Insecure Storage of Sensitive Information)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insteon for Hub", + "version": { + "version_data": [ + { + "version_value": "1.9.7" + } + ] + } + } + ] + }, + "vendor_name": "Insteon" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-922 (Insecure Storage of Sensitive Information)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5493.json b/2017/5xxx/CVE-2017-5493.json index dbc00821b80..d9a74313359 100644 --- a/2017/5xxx/CVE-2017-5493.json +++ b/2017/5xxx/CVE-2017-5493.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/14/6" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8721", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8721" - }, - { - "name" : "https://codex.wordpress.org/Version_4.7.1", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.7.1" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4" - }, - { - "name" : "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/" - }, - { - "name" : "DSA-3779", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3779" - }, - { - "name" : "95401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95401" - }, - { - "name" : "1037591", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8721", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8721" + }, + { + "name": "95401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95401" + }, + { + "name": "DSA-3779", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3779" + }, + { + "name": "https://codex.wordpress.org/Version_4.7.1", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.7.1" + }, + { + "name": "[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/14/6" + }, + { + "name": "1037591", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037591" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4", + "refsource": "CONFIRM", + "url": "https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4" + }, + { + "name": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5586.json b/2017/5xxx/CVE-2017-5586.json index 4e27723edd0..adf0b7f5c39 100644 --- a/2017/5xxx/CVE-2017-5586.json +++ b/2017/5xxx/CVE-2017-5586.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41366", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41366/" - }, - { - "name" : "http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html" - }, - { - "name" : "96216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote 
attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html" + }, + { + "name": "41366", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41366/" + }, + { + "name": "96216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96216" + } + ] + } +} \ No newline at end of file