diff --git a/2006/0xxx/CVE-2006-0095.json b/2006/0xxx/CVE-2006-0095.json
index 6efd00a11f8..449dbf11375 100644
--- a/2006/0xxx/CVE-2006-0095.json
+++ b/2006/0xxx/CVE-2006-0095.json
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20060104 [Patch 2.6] dm-crypt: zero key before freeing it", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=113640535312572&w=2" - }, - { - "name" : "[linux-kernel] 20060104 [Patch 2.6] dm-crypt: Zero key material before free to avoid information leak", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=113641114812886&w=2" - }, - { - "name" : "DSA-1017", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1017" - }, - { - "name" : "FLSA:157459-4", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427981/100/0/threaded" - }, - { - "name" : "FEDORA-2006-102", - "refsource" : "FEDORA", - "url" : 
"http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00037.html" - }, - { - "name" : "MDKSA-2006:040", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:040" - }, - { - "name" : "RHSA-2006:0132", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0132.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "2006-0004", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0004" - }, - { - "name" : "USN-244-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/244-1/" - }, - { - "name" : "16301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16301" - }, - { - "name" : "oval:org.mitre.oval:def:11192", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11192" - }, - { - "name" : "ADV-2006-0235", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0235" - }, - { - "name" : "22418", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22418" - }, - { - "name" : "1015740", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015740" - }, - { - "name" : "18487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18487" - }, - { - "name" : "19160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19160" - }, - { - "name" : "19374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19374" - }, - { - "name" : "18527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18527" - }, - { - "name" : "18774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18774" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "388", - "refsource" : "SREASON", 
- "url" : "http://securityreason.com/securityalert/388" - }, - { - "name" : "kernel-dmcrypt-information-disclosure(24189)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "388", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/388" + }, + { + "name": "[linux-kernel] 20060104 [Patch 2.6] dm-crypt: Zero key material before free to avoid information leak", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=113641114812886&w=2" + }, + { + "name": "19160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19160" + }, + { + "name": "MDKSA-2006:040", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:040" + }, + { + "name": "2006-0004", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0004" + }, + { + "name": "16301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16301" + }, + { + "name": "RHSA-2006:0132", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0132.html" + }, + { + "name": "1015740", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015740" + }, + { + "name": "18774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18774" + }, + { + "name": "[linux-kernel] 20060104 [Patch 2.6] dm-crypt: zero key before freeing it", + "refsource": 
"MLIST", + "url": "http://marc.info/?l=linux-kernel&m=113640535312572&w=2" + }, + { + "name": "FEDORA-2006-102", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00037.html" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "FLSA:157459-4", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427981/100/0/threaded" + }, + { + "name": "22418", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22418" + }, + { + "name": "DSA-1017", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1017" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "kernel-dmcrypt-information-disclosure(24189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24189" + }, + { + "name": "USN-244-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/244-1/" + }, + { + "name": "18527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18527" + }, + { + "name": "ADV-2006-0235", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0235" + }, + { + "name": "19374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19374" + }, + { + "name": "18487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18487" + }, + { + "name": "oval:org.mitre.oval:def:11192", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11192" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0221.json b/2006/0xxx/CVE-2006-0221.json index a4538f8fbc5..52435c6324a 100644 --- a/2006/0xxx/CVE-2006-0221.json +++ b/2006/0xxx/CVE-2006-0221.json 
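Review bot: The new order of the `reference_data` entries follows no visible sort key (it is not ordered by `name`, `refsource` or `url`), and the same applies to the hunks for CVE-2006-0221, CVE-2006-1025, CVE-2006-1721 and CVE-2006-1991. Because the reordering is layered on a spacing-only change (`"key" : value` to `"key": value`), it is hard to confirm from the diff that no reference was added, dropped or altered. A deterministic order, for example sorted by `url`, would keep later diffs of these records reviewable. The new side also ends with `\ No newline at end of file`, so each file loses its trailing newline, which is worth restoring for files kept in version control.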
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060113 DDSN CMS Admin Panel SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421941/100/0/threaded" - }, - { - "name" : "16231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16231" - }, - { - "name" : "22696", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22696" - }, - { - "name" : "cm3-login-sql-injection(24266)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16231" + }, + { + "name": "20060113 DDSN CMS Admin Panel SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421941/100/0/threaded" + }, + { + "name": "22696", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22696" + }, + { + "name": "cm3-login-sql-injection(24266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24266" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1025.json b/2006/1xxx/CVE-2006-1025.json index ebce0102ce3..23a9ca80d36 100644 --- a/2006/1xxx/CVE-2006-1025.json +++ b/2006/1xxx/CVE-2006-1025.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16898" - }, - { - "name" : "ADV-2006-0785", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0785" - }, - { - "name" : "23574", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23574" - }, - { - "name" : "19060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19060" - }, - { - "name" : "storebot-manage-xss(24986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0785", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0785" + }, + { + "name": "23574", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23574" + }, + { + "name": "16898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16898" + }, + { + "name": "19060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19060" + }, + { + "name": "storebot-manage-xss(24986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24986" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1721.json b/2006/1xxx/CVE-2006-1721.json index ee1635ba705..0b69bdbe3db 100644 --- a/2006/1xxx/CVE-2006-1721.json +++ b/2006/1xxx/CVE-2006-1721.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493080/100/0/threaded" - }, - { - "name" : "20060410 [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044992.html" - }, - { - "name" : "http://labs.musecurity.com/advisories/MU-200604-01.txt", - "refsource" : "MISC", - "url" : 
"http://labs.musecurity.com/advisories/MU-200604-01.txt" - }, - { - "name" : "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775", - "refsource" : "CONFIRM", - "url" : "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" - }, - { - "name" : "APPLE-SA-2006-09-29", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" - }, - { - "name" : "DSA-1042", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1042" - }, - { - "name" : "GLSA-200604-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-09.xml" - }, - { - "name" : "MDKSA-2006:073", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:073" - }, - { - "name" : "RHSA-2007:0795", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0795.html" - }, - { - "name" : "RHSA-2007:0878", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0878.html" - }, - { - "name" : "20070901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" - }, - { - "name" : "SUSE-SA:2006:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_05.html" - }, - { - "name" : "2006-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0024" - }, - { - "name" : "USN-272-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/272-1/" - }, - { - "name" : "17446", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/17446" - }, - { - "name" : "oval:org.mitre.oval:def:9861", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9861" - }, - { - "name" : "ADV-2006-1306", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1306" - }, - { - "name" : "ADV-2006-3852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3852" - }, - { - "name" : "ADV-2008-1744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1744" - }, - { - "name" : "1016960", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016960" - }, - { - "name" : "19618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19618" - }, - { - "name" : "19809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19809" - }, - { - "name" : "19825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19825" - }, - { - "name" : "19753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19753" - }, - { - "name" : "19964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19964" - }, - { - "name" : "22187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22187" - }, - { - "name" : "20014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20014" - }, - { - "name" : "26708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26708" - }, - { - "name" : "26857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26857" - }, - { - "name" : "27237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27237" - }, - { - "name" : "30535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30535" - }, - { - "name" : "cyrus-sasl-digest-dos(25738)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26708" + }, + { + "name": "ADV-2008-1744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1744" + }, + { + "name": "19825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19825" + }, + { + "name": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775", + "refsource": "CONFIRM", + "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7775" + }, + { + "name": "19809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19809" + }, + { + "name": "19618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19618" + }, + { + "name": "19753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19753" + }, + { + "name": "oval:org.mitre.oval:def:9861", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9861" + }, + { + "name": "cyrus-sasl-digest-dos(25738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25738" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm", + "refsource": "CONFIRM", + "url": 
"http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm" + }, + { + "name": "http://labs.musecurity.com/advisories/MU-200604-01.txt", + "refsource": "MISC", + "url": "http://labs.musecurity.com/advisories/MU-200604-01.txt" + }, + { + "name": "26857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26857" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" + }, + { + "name": "20060410 [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044992.html" + }, + { + "name": "22187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22187" + }, + { + "name": "MDKSA-2006:073", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:073" + }, + { + "name": "ADV-2006-3852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3852" + }, + { + "name": "27237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27237" + }, + { + "name": "RHSA-2007:0878", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0878.html" + }, + { + "name": "RHSA-2007:0795", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0795.html" + }, + { + "name": "20014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20014" + }, + { + "name": "APPLE-SA-2006-09-29", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" + }, + { + "name": "30535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30535" + }, + { + "name": "17446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17446" + }, + { + "name": "19964", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/19964" + }, + { + "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded" + }, + { + "name": "2006-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0024" + }, + { + "name": "20070901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" + }, + { + "name": "USN-272-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/272-1/" + }, + { + "name": "SUSE-SA:2006:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_05.html" + }, + { + "name": "1016960", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016960" + }, + { + "name": "GLSA-200604-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-09.xml" + }, + { + "name": "ADV-2006-1306", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1306" + }, + { + "name": "DSA-1042", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1042" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1991.json b/2006/1xxx/CVE-2006-1991.json index 4fe973f95b7..7706a1c9ecf 100644 --- a/2006/1xxx/CVE-2006-1991.json +++ b/2006/1xxx/CVE-2006-1991.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02", - "refsource" : "MISC", - "url" : "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02" - }, - { - "name" : "GLSA-200605-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200605-08.xml" - }, - { - "name" : "MDKSA-2006:091", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:091" - }, - { - "name" : "SUSE-SA:2006:031", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_31_php.html" - }, - { - "name" : "USN-320-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-320-1" - }, - { - "name" : "ADV-2006-1500", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1500" - }, - { - "name" : "1015979", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015979" - }, - { - "name" : "20269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20269" - }, - { - "name" : "20052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20052" - }, - { - "name" : "20676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20676" - }, - { - "name" : "21125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21125" - }, - { - "name" : "php-substrcompare-length-dos(26003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015979", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015979" + }, + { + "name": "php-substrcompare-length-dos(26003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26003" + }, + { + "name": "SUSE-SA:2006:031", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_31_php.html" + }, + { + "name": "MDKSA-2006:091", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:091" + }, + { + "name": "GLSA-200605-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200605-08.xml" + }, + { + "name": "20269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20269" + }, + { + "name": "20676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20676" + }, + { + "name": "USN-320-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-320-1" + }, + { + "name": "21125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21125" + }, + { + "name": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02", + "refsource": "MISC", + "url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02" + }, + { + "name": "ADV-2006-1500", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1500" + }, + { + "name": "20052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20052" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5165.json b/2006/5xxx/CVE-2006-5165.json index 27c72216727..2304b9fd0c3 100644 --- a/2006/5xxx/CVE-2006-5165.json +++ b/2006/5xxx/CVE-2006-5165.json 
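Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which is a change of record provenance rather than formatting, and nothing visible in the diff explains it. The other complete hunks in this diff keep their assigner and change only spacing and reference order, so this one edit is easy to miss in review. Consumers that base CNA attribution, trust decisions or deduplication on the assigner would see this record move to a different authority. If the reassignment is intended, it would be better carried in its own commit with the reason stated; if not, the line should stay `"ASSIGNER": "cve@mitre.org"`.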
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2446", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2446" - }, - { - "name" : "20255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20255" - }, - { - "name" : "ADV-2006-3842", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3842" - }, - { - "name" : "22155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22155" - }, - { - "name" : "ppa-gallery-functions-file-include(29231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2446", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2446" + }, + { + "name": "ADV-2006-3842", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3842" + }, + { + "name": "22155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22155" + }, + { + "name": "20255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20255" + }, + { + "name": "ppa-gallery-functions-file-include(29231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29231" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5468.json b/2006/5xxx/CVE-2006-5468.json index d48ab42fb83..b508fd0cd0c 100644 --- a/2006/5xxx/CVE-2006-5468.json +++ b/2006/5xxx/CVE-2006-5468.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-5468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061101 rPSA-2006-0202-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450307/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-746", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-746" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm" - }, - { - "name" : "MDKSA-2006:195", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:195" - }, - { - "name" : "RHSA-2006:0726", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0726.html" - }, - { - "name" : "20061101-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" - }, - { - "name" : "SUSE-SA:2006:065", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html" - }, - { - "name" : "VU#363992", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/363992" - }, - { - "name" : "20762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20762" - }, - { - "name" : "oval:org.mitre.oval:def:10707", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10707" - }, - { - "name" : "oval:org.mitre.oval:def:14120", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14120" - }, - { - "name" : "ADV-2006-4220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4220" - }, - { - "name" : "1017129", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017129" - }, - { - "name" : "22590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22590" - }, - { - "name" : "22692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22692" - }, - { - "name" : "22672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22672" - }, - { - "name" : "22797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22797" - }, - { - "name" : "22841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22841" - }, - { - "name" : "22929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22929" - }, - { - "name" : "23096", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/23096" - }, - { - "name" : "wireshark-http-dos(29840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#363992", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/363992" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm" + }, + { + "name": "oval:org.mitre.oval:def:10707", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10707" + }, + { + "name": "wireshark-http-dos(29840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29840" + }, + { + "name": "23096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23096" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2006-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2006-03.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-746", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-746" + }, + { + "name": "22590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22590" + }, + { + "name": "20061101-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" + }, + { + "name": "ADV-2006-4220", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4220" + }, + { + "name": "22841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22841" + }, + { + "name": "20762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20762" + }, + { + "name": "SUSE-SA:2006:065", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html" + }, + { + "name": "RHSA-2006:0726", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0726.html" + }, + { + "name": "oval:org.mitre.oval:def:14120", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14120" + }, + { + "name": "22929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22929" + }, + { + "name": "20061101 rPSA-2006-0202-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450307/100/0/threaded" + }, + { + "name": "22692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22692" + }, + { + "name": "MDKSA-2006:195", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195" + }, + { + "name": "1017129", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017129" + }, + { + "name": "22672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22672" + }, + { + "name": "22797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22797" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5803.json b/2006/5xxx/CVE-2006-5803.json index ffbcf7589de..1374deb5572 100644 --- a/2006/5xxx/CVE-2006-5803.json +++ b/2006/5xxx/CVE-2006-5803.json 
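Review bot: The `CVE_data_meta` block for CVE-2006-5468 changes `"ASSIGNER"` from `cve@mitre.org` to `"ASSIGNER": "secalert@redhat.com"`, and this is the only value change in the hunk; every other changed line is a colon-spacing or indentation rewrite, or a reordering of `reference_data` entries. A provenance field changing inside a formatting-only rewrite is easy to miss, so it would be better carried in its own change or called out in the commit message, since consumers that filter or attribute records by assigner will see this record move. The diff alone does not show whether the reassignment is intentional, so it is worth confirming against the assigning CNA's records. The hunk header counts match (167/167), which is consistent with no reference being added or dropped, but the reshuffled order makes that hard to verify by eye; a stable ordering of `reference_data` (for example by `refsource`, then `name`) would keep future diffs limited to real changes.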
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2723", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2723" - }, - { - "name" : "20932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20932" - }, - { - "name" : "smartor-album-file-include(30015)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in 
the module_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20932" + }, + { + "name": "2723", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2723" + }, + { + "name": "smartor-album-file-include(30015)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30015" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5929.json b/2006/5xxx/CVE-2006-5929.json index cf4853e91ef..6f7b634be1a 100644 --- a/2006/5xxx/CVE-2006-5929.json +++ b/2006/5xxx/CVE-2006-5929.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "22855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22855" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5988.json b/2006/5xxx/CVE-2006-5988.json index 24ffaffbf35..ac26e9b7b87 100644 --- a/2006/5xxx/CVE-2006-5988.json +++ b/2006/5xxx/CVE-2006-5988.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21083" - }, - { - "name" : "22871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21083" + }, + { + "name": "22871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22871" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2155.json b/2007/2xxx/CVE-2007-2155.json index 07f19478fc4..c6297882d49 100644 --- a/2007/2xxx/CVE-2007-2155.json 
+++ b/2007/2xxx/CVE-2007-2155.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070411 nEw Bug :D", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465339/100/100/threaded" - }, - { - "name" : "http://www.phpfaber.com/m/News/phpfaber_topsites_v_3_3-58.html", - "refsource" : "MISC", - "url" : "http://www.phpfaber.com/m/News/phpfaber_topsites_v_3_3-58.html" - }, - { - "name" : "20070418 [uncertain] (mostly) phpFaber TopSitespath traversal", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-April/001538.html" - }, - { - "name" : "23419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23419" - }, - { - "name" : "phpfaber-index-directory-traversal(33581)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/33581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpfaber-index-directory-traversal(33581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33581" + }, + { + "name": "20070411 nEw Bug :D", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465339/100/100/threaded" + }, + { + "name": "http://www.phpfaber.com/m/News/phpfaber_topsites_v_3_3-58.html", + "refsource": "MISC", + "url": "http://www.phpfaber.com/m/News/phpfaber_topsites_v_3_3-58.html" + }, + { + "name": "23419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23419" + }, + { + "name": "20070418 [uncertain] (mostly) phpFaber TopSitespath traversal", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-April/001538.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2193.json b/2007/2xxx/CVE-2007-2193.json index f56170fd429..8bdbbb52ced 100644 --- a/2007/2xxx/CVE-2007-2193.json +++ b/2007/2xxx/CVE-2007-2193.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3776", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3776" - }, - { - "name" : "http://www.acdsee.com/support/knowledgebase/article?id=2800", - "refsource" : "MISC", - "url" : "http://www.acdsee.com/support/knowledgebase/article?id=2800" - }, - { - "name" : "23620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23620" - }, - { - "name" : "ADV-2007-1489", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1489" - }, - { - "name" : "35236", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35236" - }, - { - "name" : "24994", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24994" - }, - { - "name" : "acdsee-xpm-bo(33812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24994" + }, + { + "name": "ADV-2007-1489", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1489" + }, + { + "name": "3776", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3776" + }, + { + "name": "23620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23620" + }, + { + "name": "acdsee-xpm-bo(33812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33812" + }, + { + "name": "http://www.acdsee.com/support/knowledgebase/article?id=2800", + "refsource": "MISC", + "url": "http://www.acdsee.com/support/knowledgebase/article?id=2800" + }, + { + "name": "35236", + "refsource": "OSVDB", + "url": "http://osvdb.org/35236" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2720.json b/2007/2xxx/CVE-2007-2720.json index 915dccd9d38..0df319427c0 100644 --- a/2007/2xxx/CVE-2007-2720.json +++ b/2007/2xxx/CVE-2007-2720.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://group-office.svn.sourceforge.net/viewvc/group-office?view=rev&revision=261", - "refsource" : "MISC", - "url" : "http://group-office.svn.sourceforge.net/viewvc/group-office?view=rev&revision=261" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=498556&group_id=76359", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=498556&group_id=76359" - }, - { - "name" : "23925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23925" - }, - { - "name" : "ADV-2007-1773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1773" - 
}, - { - "name" : "25369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25369" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=498556&group_id=76359", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=498556&group_id=76359" + }, + { + "name": "ADV-2007-1773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1773" + }, + { + "name": "http://group-office.svn.sourceforge.net/viewvc/group-office?view=rev&revision=261", + "refsource": "MISC", + "url": "http://group-office.svn.sourceforge.net/viewvc/group-office?view=rev&revision=261" + }, + { + "name": "23925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23925" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2863.json b/2007/2xxx/CVE-2007-2863.json index e9d623b839c..67042e47823 100644 --- a/2007/2xxx/CVE-2007-2863.json +++ b/2007/2xxx/CVE-2007-2863.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470601/100/0/threaded" - }, - { - "name" : "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470754/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html" - }, - { - "name" : 
"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp" - }, - { - "name" : "VU#739409", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/739409" - }, - { - "name" : "24331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24331" - }, - { - "name" : "ADV-2007-2072", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2072" - }, - { - "name" : "35244", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35244" - }, - { - "name" : "1018199", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018199" - }, - { - "name" : "25570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25570" - }, - { - "name" : "2790", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2790" - }, - { - "name" : "ca-multiple-antivirus-cab-bo(34741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ca-multiple-antivirus-cab-bo(34741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741" + }, + { + "name": "2790", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2790" + }, + { + "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp" + }, + { + "name": "20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded" + }, + { + "name": "ADV-2007-2072", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2072" + }, + { + "name": "24331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24331" + }, + { + "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded" + }, + { + "name": "35244", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35244" + }, + { + "name": "1018199", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018199" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html" + }, + { + "name": "VU#739409", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/739409" + }, + { + "name": "25570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25570" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/0xxx/CVE-2010-0463.json b/2010/0xxx/CVE-2010-0463.json index b551929a7c2..4fb2ac3f7de 100644 --- a/2010/0xxx/CVE-2010-0463.json +++ b/2010/0xxx/CVE-2010-0463.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail", - "refsource" : "MISC", - "url" : "https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail" - }, - { - "name" : "http://bugs.horde.org/ticket/8836", - "refsource" : "CONFIRM", - "url" : "http://bugs.horde.org/ticket/8836" - }, - { - "name" : "horde-dns-info-disclosure(56052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Horde IMP 4.3.6 and earlier 
does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "horde-dns-info-disclosure(56052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56052" + }, + { + "name": "https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail", + "refsource": "MISC", + "url": "https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail" + }, + { + "name": "http://bugs.horde.org/ticket/8836", + "refsource": "CONFIRM", + "url": "http://bugs.horde.org/ticket/8836" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0594.json b/2010/0xxx/CVE-2010-0594.json index 5388ccb6897..10d9e105851 100644 --- a/2010/0xxx/CVE-2010-0594.json +++ b/2010/0xxx/CVE-2010-0594.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#14313132", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN14313132/index.html" - }, - { - "name" : "JVNDB-2010-000014", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000014.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2010-000014", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000014.html" + }, + { + "name": "JVN#14313132", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN14313132/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0722.json b/2010/0xxx/CVE-2010-0722.json index 7ef463edcac..b2c69b6739c 100644 --- a/2010/0xxx/CVE-2010-0722.json +++ b/2010/0xxx/CVE-2010-0722.json 
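Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, a provenance change that is easy to miss among the whitespace normalisation and the `reference_data` reorder. The same kind of change appears in the hunks for CVE-2010-1284 (`psirt@adobe.com`), CVE-2010-3707 (`secalert@redhat.com`) and CVE-2010-3936 (`secure@microsoft.com`). Consumers that filter or attribute records by `ASSIGNER` will see these entries move, so the reassignment would be better in its own commit, or at least named in the commit message, which is not visible here. `vendor_name` and `product_name` stay `n/a` although the assigner is now a vendor address; presumably that is left for a later pass, but it is worth confirming.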
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://4004securityproject.wordpress.com/2010/02/22/php-auktion-pro-sql-injection-news-php/", - "refsource" : "MISC", - "url" : "http://4004securityproject.wordpress.com/2010/02/22/php-auktion-pro-sql-injection-news-php/" - }, - { - "name" : "11547", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11547" - }, - { - "name" : "38371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38371" - }, - { - "name" : "38679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38679" - }, - { - "name" : "phpauktionpro-news-sql-injection(56478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpauktionpro-news-sql-injection(56478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56478" + }, + { + "name": "http://4004securityproject.wordpress.com/2010/02/22/php-auktion-pro-sql-injection-news-php/", + "refsource": "MISC", + "url": "http://4004securityproject.wordpress.com/2010/02/22/php-auktion-pro-sql-injection-news-php/" + }, + { + "name": "38371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38371" + }, + { + "name": "11547", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11547" + }, + { + "name": "38679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38679" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1284.json b/2010/1xxx/CVE-2010-1284.json index 747526de040..80a6603a251 100644 --- a/2010/1xxx/CVE-2010-1284.json +++ b/2010/1xxx/CVE-2010-1284.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-1284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html" - }, - { - "name" : "40091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40091" - }, - { - "name" : "oval:org.mitre.oval:def:6638", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6638" - }, - { - "name" : "38751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38751" - }, - { - "name" : "ADV-2010-1128", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/1128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38751" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" + }, + { + "name": "ADV-2010-1128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1128" + }, + { + "name": "oval:org.mitre.oval:def:6638", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6638" + }, + { + "name": "40091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40091" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3110.json b/2010/3xxx/CVE-2010-3110.json index 45f905edf34..da77dd88bd4 100644 --- a/2010/3xxx/CVE-2010-3110.json +++ b/2010/3xxx/CVE-2010-3110.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SA:2010:033", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:033", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3707.json b/2010/3xxx/CVE-2010-3707.json index 14658e88027..f90970e3404 100644 --- a/2010/3xxx/CVE-2010-3707.json +++ b/2010/3xxx/CVE-2010-3707.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2010-October/053452.html" - }, - { - "name" : "[dovecot] 20101002 v1.2.15 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2010-October/053450.html" - }, - { - "name" : "[dovecot] 20101002 v2.0.5 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2010-October/053451.html" - }, - { - "name" : "[oss-security] 20101004 CVE Request: more dovecot ACL issues", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128620520732377&w=2" - }, - { - "name" : "[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128622064325688&w=2" - }, - { - "name" : "MDVSA-2010:217", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" - }, - { - "name" : "RHSA-2011:0600", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0600.html" - }, - { - "name" : "SUSE-SR:2010:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" - }, - { - "name" : "USN-1059-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1059-1" - }, - { - "name" : "43220", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/43220" - }, - { - "name" : "ADV-2010-2572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2572" - }, - { - "name" : "ADV-2010-2840", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2840" - }, - { - "name" : "ADV-2011-0301", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128622064325688&w=2" + }, + { + "name": "USN-1059-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1059-1" + }, + { + "name": "SUSE-SR:2010:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" + }, + { + "name": "ADV-2010-2572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2572" + }, + { + "name": "[oss-security] 20101004 CVE Request: more dovecot ACL issues", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128620520732377&w=2" + }, + { + "name": "MDVSA-2010:217", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" + }, + { + "name": "43220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43220" + }, + { + "name": "ADV-2011-0301", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0301" + }, + { + "name": "[dovecot] 20101002 v1.2.15 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2010-October/053450.html" + }, + { + "name": "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2010-October/053452.html" + }, + { + "name": "RHSA-2011:0600", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0600.html" + }, + { + "name": "ADV-2010-2840", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2840" + }, + { + "name": "[dovecot] 20101002 v2.0.5 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2010-October/053451.html" + } + ] 
+ } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3936.json b/2010/3xxx/CVE-2010-3936.json index bcc2f822a1d..be847eabdb1 100644 --- a/2010/3xxx/CVE-2010-3936.json +++ b/2010/3xxx/CVE-2010-3936.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS in Signurl.asp Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-089", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089" - }, - { - "name" : "TA10-313A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12218", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS in Signurl.asp Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-089", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089" + }, + { + "name": "oval:org.mitre.oval:def:12218", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12218" + }, + { + "name": "TA10-313A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4186.json b/2010/4xxx/CVE-2010-4186.json index ae6773e139c..a12a31c1e20 100644 --- a/2010/4xxx/CVE-2010-4186.json +++ b/2010/4xxx/CVE-2010-4186.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15397", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15397" - }, - { - "name" : "44608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44608" - }, - { - "name" : "68972", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68972" - }, - { - "name" : "42111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42111" - }, - { - "name" : "owos-process-sql-injection(62972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42111" + }, + { + "name": "44608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44608" + }, + { + "name": "owos-process-sql-injection(62972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62972" + }, + { + "name": "68972", + "refsource": "OSVDB", + "url": "http://osvdb.org/68972" + }, + { + "name": "15397", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15397" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4206.json b/2010/4xxx/CVE-2010-4206.json index 46b71f478c8..210163ddf97 100644 --- a/2010/4xxx/CVE-2010-4206.json +++ b/2010/4xxx/CVE-2010-4206.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.webkit.org/changeset/70652", - "refsource" : "MISC", - "url" : "http://trac.webkit.org/changeset/70652" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=48371", - "refsource" : "MISC", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=48371" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=60688", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=60688" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html", - "refsource" : 
"CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=656129", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=656129" - }, - { - "name" : "FEDORA-2011-0121", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "45721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45721" - }, - { - "name" : "oval:org.mitre.oval:def:11949", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11949" - }, - { - "name" : "42109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42109" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "FEDORA-2011-0121", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html" + }, + { + "name": "http://trac.webkit.org/changeset/70652", + "refsource": "MISC", + "url": "http://trac.webkit.org/changeset/70652" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "42109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42109" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=60688", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=60688" + }, + { + "name": "oval:org.mitre.oval:def:11949", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11949" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=48371", + "refsource": "MISC", + "url": "https://bugs.webkit.org/show_bug.cgi?id=48371" + }, + { + "name": "45721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45721" + }, + { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=656129", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=656129" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4830.json b/2010/4xxx/CVE-2010-4830.json index 54b9b677c4e..d55c5b424ab 100644 --- a/2010/4xxx/CVE-2010-4830.json +++ b/2010/4xxx/CVE-2010-4830.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15678", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15678" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96375/tdreamsjsp-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96375/tdreamsjsp-sql.txt" - }, - { - "name" : "45203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45203" - }, - { - "name" : "34996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34996" - }, - { - "name" : "8353", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45203" + }, + { + "name": "34996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34996" + }, + { + "name": "http://packetstormsecurity.org/files/view/96375/tdreamsjsp-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96375/tdreamsjsp-sql.txt" + }, + { + "name": "8353", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8353" + }, + { + "name": "15678", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15678" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4896.json b/2010/4xxx/CVE-2010-4896.json index f7ce31096f2..377c8e9003b 100644 --- a/2010/4xxx/CVE-2010-4896.json +++ b/2010/4xxx/CVE-2010-4896.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2010/09/member-management-system-v-40-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2010/09/member-management-system-v-40-xss-vuln.html" - }, - { - "name" : "43109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43109" - }, - { - "name" : "67898", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67898" - }, - { - "name" : "41362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41362" - }, - { - "name" : "membermanagementsystem-index-xss(61703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "membermanagementsystem-index-xss(61703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61703" + }, + { + "name": "http://pridels-team.blogspot.com/2010/09/member-management-system-v-40-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2010/09/member-management-system-v-40-xss-vuln.html" + }, + { + "name": "67898", + "refsource": "OSVDB", + "url": "http://osvdb.org/67898" + }, + { + "name": "41362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41362" + }, + { + "name": "43109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43109" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0031.json b/2014/0xxx/CVE-2014-0031.json index 4be7652e385..4b23ea09454 100644 --- a/2014/0xxx/CVE-2014-0031.json +++ b/2014/0xxx/CVE-2014-0031.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl", - "refsource" : "CONFIRM", - "url" : "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl" - }, - { - "name" : "https://issues.apache.org/jira/browse/CLOUDSTACK-5145", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/CLOUDSTACK-5145" - }, - { - "name" : "55960", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 
4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55960" + }, + { + "name": "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl", + "refsource": "CONFIRM", + "url": "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl" + }, + { + "name": "https://issues.apache.org/jira/browse/CLOUDSTACK-5145", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5145" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0812.json b/2014/0xxx/CVE-2014-0812.json index 6ed556a3060..1f91b89a31e 100644 --- a/2014/0xxx/CVE-2014-0812.json +++ b/2014/0xxx/CVE-2014-0812.json 
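Review bot: The `ASSIGNER` value in the CVE-2014-0031 hunk changes from `cve@mitre.org` to `secalert@redhat.com`, but the same hunk rewrites every other line for spacing and reorders `reference_data`, so the one change that alters the record's provenance is easy to miss. The same pattern appears in the hunks for CVE-2014-0812 (`vultures@jpcert.or.jp`) and for CVE-2014-0897, CVE-2014-4836 and CVE-2014-8898 (`psirt@us.ibm.com`). Any consumer that keys attribution, routing or trust decisions on `ASSIGNER` would see these records change owner. The reassignments are better carried in a commit separate from the formatting pass, or at least named in the commit message so they can be checked against the CNA of record. Each rewritten file also ends with `\ No newline at end of file`, which is worth restoring if downstream tooling concatenates or line-diffs these records.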
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kent-web.com/bbs/joyful.html", - "refsource" : "CONFIRM", - "url" : "http://www.kent-web.com/bbs/joyful.html" - }, - { - "name" : "JVN#30718178", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN30718178/index.html" - }, - { - "name" : "JVNDB-2014-000013", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000013" - }, - { - "name" : "65301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65301" - }, - { - "name" : "102740", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kent-web.com/bbs/joyful.html", + "refsource": "CONFIRM", + "url": "http://www.kent-web.com/bbs/joyful.html" + }, + { + "name": "102740", + "refsource": "OSVDB", + "url": "http://osvdb.org/102740" + }, + { + "name": "65301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65301" + }, + { + "name": "JVN#30718178", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN30718178/index.html" + }, + { + "name": "JVNDB-2014-000013", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000013" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0897.json b/2014/0xxx/CVE-2014-0897.json index eec94254233..0fd5cdd7074 100644 --- a/2014/0xxx/CVE-2014-0897.json +++ b/2014/0xxx/CVE-2014-0897.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153" - }, - { - "name" : "IT03824", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824" - }, - { - "name" : "ibm-flex-cve20140897-weak-encryption(91395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153" + }, + { + "name": "IT03824", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824" + }, + { + "name": "ibm-flex-cve20140897-weak-encryption(91395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91395" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4836.json b/2014/4xxx/CVE-2014-4836.json index 2757298944c..2763860e820 100644 --- a/2014/4xxx/CVE-2014-4836.json +++ b/2014/4xxx/CVE-2014-4836.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686240", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686240" - }, - { - "name" : "61056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61056" - }, - { - "name" : "ibm-tririga-cve20144836-xss(95630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686240", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686240" + }, + { + "name": "61056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61056" + }, + { + "name": "ibm-tririga-cve20144836-xss(95630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95630" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4935.json b/2014/4xxx/CVE-2014-4935.json index 997086e740d..4c55c7de58c 100644 --- a/2014/4xxx/CVE-2014-4935.json +++ b/2014/4xxx/CVE-2014-4935.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4935", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4935", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8898.json b/2014/8xxx/CVE-2014-8898.json index 6c1754c79e7..e7b8eab5430 100644 --- a/2014/8xxx/CVE-2014-8898.json +++ b/2014/8xxx/CVE-2014-8898.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8899." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692176", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692176" - }, - { - "name" : "ibm-infospheremdm-cve20148898-xss(99051)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8899." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692176", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692176" + }, + { + "name": "ibm-infospheremdm-cve20148898-xss(99051)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99051" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9279.json b/2014/9xxx/CVE-2014-9279.json index 1b24dff201d..bace328e5a5 100644 --- a/2014/9xxx/CVE-2014-9279.json +++ b/2014/9xxx/CVE-2014-9279.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141129 CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/863" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=17877", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=17877" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/0826cef8", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/0826cef8" - }, - { - "name" : "71359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71359" - }, - { - "name" : 
"mantisbt-upgradeunattaended-sec-bypass(99031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71359" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/0826cef8", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/0826cef8" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=17877", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=17877" + }, + { + "name": "[oss-security] 20141129 CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/863" + }, + { + "name": "mantisbt-upgradeunattaended-sec-bypass(99031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99031" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9559.json b/2014/9xxx/CVE-2014-9559.json index fce83282bc3..09eafefd673 100644 --- a/2014/9xxx/CVE-2014-9559.json +++ b/2014/9xxx/CVE-2014-9559.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150201 CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/1" - }, - { - "name" : "http://tetraph.com/security/cves/cve-2014-9559-snipsnap-xss-cross-site-scripting-security-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://tetraph.com/security/cves/cve-2014-9559-snipsnap-xss-cross-site-scripting-security-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary 
web script or HTML via the query parameter to /snipsnap-search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150201 CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/1" + }, + { + "name": "http://tetraph.com/security/cves/cve-2014-9559-snipsnap-xss-cross-site-scripting-security-vulnerabilities/", + "refsource": "MISC", + "url": "http://tetraph.com/security/cves/cve-2014-9559-snipsnap-xss-cross-site-scripting-security-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9708.json b/2014/9xxx/CVE-2014-9708.json index 0c424e05443..cfc71059968 100644 --- a/2014/9xxx/CVE-2014-9708.json +++ b/2014/9xxx/CVE-2014-9708.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by \"Range: x=,\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150328 Advisory: CVE-2014-9708: Appweb Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535028/100/0/threaded" - }, - { - "name" : "20150328 Advisory: CVE-2014-9708: Appweb Web Server", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/158" - }, - { - "name" : "20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Apr/19" - }, - { - "name" : "http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html" - }, - { - "name" : "https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348", - "refsource" : "CONFIRM", - "url" : "https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348" - }, - { - "name" : "https://github.com/embedthis/appweb/issues/413", - "refsource" : "CONFIRM", - "url" : "https://github.com/embedthis/appweb/issues/413" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/60", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/60" - }, - { - "name" : "73407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73407" - }, - { - "name" : "1037007", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by \"Range: x=,\"." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037007", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037007" + }, + { + "name": "https://github.com/embedthis/appweb/issues/413", + "refsource": "CONFIRM", + "url": "https://github.com/embedthis/appweb/issues/413" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348", + "refsource": "CONFIRM", + "url": "https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348" + }, + { + "name": "http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html" + }, + { + "name": "20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Apr/19" + }, + { + "name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535028/100/0/threaded" + }, + { + "name": "73407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73407" + }, + { + "name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/158" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/60", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/60" + } + ] + } +} \ 
No newline at end of file diff --git a/2014/9xxx/CVE-2014-9928.json b/2014/9xxx/CVE-2014-9928.json index b5c7524719e..42e08c83b2d 100644 --- a/2014/9xxx/CVE-2014-9928.json +++ b/2014/9xxx/CVE-2014-9928.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input Vulnerability in GERAN" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input Vulnerability in GERAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98233" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3011.json b/2016/3xxx/CVE-2016-3011.json index f5bb4d82dbd..4f5ecac090c 100644 --- a/2016/3xxx/CVE-2016-3011.json +++ b/2016/3xxx/CVE-2016-3011.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3423.json b/2016/3xxx/CVE-2016-3423.json index cc0f64710d2..71c6821dd88 100644 --- a/2016/3xxx/CVE-2016-3423.json +++ b/2016/3xxx/CVE-2016-3423.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "1035610", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote 
authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035610", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035610" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6322.json b/2016/6xxx/CVE-2016-6322.json index bd24ffde00e..31bb2803971 100644 --- a/2016/6xxx/CVE-2016-6322.json +++ b/2016/6xxx/CVE-2016-6322.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1366413", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1366413" - }, - { - "name" : "92668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366413", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366413" + }, + { + "name": "92668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92668" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6489.json b/2016/6xxx/CVE-2016-6489.json index a7c9db1d605..7315444a291 100644 --- a/2016/6xxx/CVE-2016-6489.json +++ b/2016/6xxx/CVE-2016-6489.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-6489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160729 Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/29/7" - }, - { - "name" : "https://eprint.iacr.org/2016/596.pdf", - "refsource" : "MISC", - "url" : "https://eprint.iacr.org/2016/596.pdf" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1362016", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1362016" - }, - { - "name" : "https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3", - "refsource" : "CONFIRM", - "url" : "https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3" - }, - { - "name" : "GLSA-201706-21", - "refsource" 
: "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-21" - }, - { - "name" : "RHSA-2016:2582", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2582.html" - }, - { - "name" : "USN-3193-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3193-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160729 Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/29/7" + }, + { + "name": "USN-3193-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3193-1" + }, + { + "name": "GLSA-201706-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-21" + }, + { + "name": "https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3", + "refsource": "CONFIRM", + "url": "https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1362016", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362016" + }, + { + "name": "https://eprint.iacr.org/2016/596.pdf", + "refsource": "MISC", + "url": "https://eprint.iacr.org/2016/596.pdf" + }, + { + "name": "RHSA-2016:2582", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2582.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/6xxx/CVE-2016-6674.json b/2016/6xxx/CVE-2016-6674.json index f48f80c1ccf..7cde9ee86af 100644 --- a/2016/6xxx/CVE-2016-6674.json +++ b/2016/6xxx/CVE-2016-6674.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "system_server in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via a crafted application, aka internal bug 30445380." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "93316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "system_server in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via a crafted application, aka internal bug 30445380." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93316" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6897.json b/2016/6xxx/CVE-2016-6897.json index 9def83b9b0d..0a11d634ede 100644 --- a/2016/6xxx/CVE-2016-6897.json +++ b/2016/6xxx/CVE-2016-6897.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40288", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40288/" - }, - { - "name" : "[oss-security] 20160820 Path traversal vulnerability in WordPress Core Ajax handlers", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/20/1" - }, - { - "name" : "https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html", - "refsource" : "MISC", - "url" : "https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html" - }, - { - "name" : 
"https://wpvulndb.com/vulnerabilities/8606", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8606" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568", - "refsource" : "CONFIRM", - "url" : "https://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568" - }, - { - "name" : "92572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92572" - }, - { - "name" : "1036683", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92572" + }, + { + "name": "1036683", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036683" + }, + { + "name": "40288", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40288/" + }, + { + "name": "[oss-security] 20160820 Path traversal vulnerability in WordPress Core Ajax handlers", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/20/1" + }, + { + "name": "https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html", + "refsource": "MISC", + "url": "https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568", + "refsource": "CONFIRM", + "url": "https://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8606", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8606" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7165.json b/2016/7xxx/CVE-2016-7165.json index 2677a296dfa..47d4d2a9260 100644 --- a/2016/7xxx/CVE-2016-7165.json +++ b/2016/7xxx/CVE-2016-7165.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). 
Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (\"C:\\Program Files\\*\" or the localized equivalent)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02" - }, - { - "name" : "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html", - "refsource" : "MISC", - "url" : "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf" - }, - { - "name" : "94158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 
SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (\"C:\\Program Files\\*\" or the localized equivalent)." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02"
+ },
+ {
+ "name": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html",
+ "refsource": "MISC",
+ "url": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html"
+ },
+ {
+ "name": "94158",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94158"
+ },
+ {
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf",
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7290.json b/2016/7xxx/CVE-2016-7290.json
index ff70aa70d77..106568620a3 100644
--- a/2016/7xxx/CVE-2016-7290.json
+++ b/2016/7xxx/CVE-2016-7290.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7291." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-148", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" - }, - { - "name" : "94670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94670" - }, - { - "name" : "1037441", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7291." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-148", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" + }, + { + "name": "94670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94670" + }, + { + "name": "1037441", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037441" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7729.json b/2016/7xxx/CVE-2016-7729.json index e46af40eaac..f8a2c6161e0 100644 --- a/2016/7xxx/CVE-2016-7729.json +++ b/2016/7xxx/CVE-2016-7729.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7729",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-7729",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7976.json b/2016/7xxx/CVE-2016-7976.json
index 0ddfe97accb..451d91dac02 100644
--- a/2016/7xxx/CVE-2016-7976.json
+++ b/2016/7xxx/CVE-2016-7976.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161019 Re: Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/19/6" - }, - { - "name" : "http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697178", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697178" - }, - { - "name" : "DSA-3691", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3691" - }, - { - "name" : "GLSA-201702-31", - "refsource" : 
"GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-31" - }, - { - "name" : "95332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3691", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3691" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697178", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697178" + }, + { + "name": "[oss-security] 20161019 Re: Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/19/6" + }, + { + "name": "http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d" + }, + { + "name": "GLSA-201702-31", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-31" + }, + { + "name": "95332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95332" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8197.json b/2016/8xxx/CVE-2016-8197.json index f13a11156ea..552228bc8a5 100644 --- a/2016/8xxx/CVE-2016-8197.json +++ b/2016/8xxx/CVE-2016-8197.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-8197",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-8197",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file