diff --git a/2006/0xxx/CVE-2006-0321.json b/2006/0xxx/CVE-2006-0321.json index 60c348f59cb..8115b6c089c 100644 --- a/2006/0xxx/CVE-2006-0321.json +++ b/2006/0xxx/CVE-2006-0321.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060122 fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422936/100/0/threaded" - }, - { - "name" : "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt", - "refsource" : "CONFIRM", - "url" : "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747" - }, - { - "name" : "http://developer.berlios.de/project/shownotes.php?release_id=8784", - "refsource" : "CONFIRM", - "url" : "http://developer.berlios.de/project/shownotes.php?release_id=8784" - }, - { - "name" : "APPLE-SA-2006-08-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" - }, - { - "name" : "SSA:2006-045-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499" - }, - { - "name" : "TA06-214A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" - }, - { - "name" : "16365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16365" - }, - { - "name" : "19289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19289" - }, - { - "name" : "ADV-2006-0300", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0300" - }, - { - "name" : "ADV-2006-3101", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3101" - }, - { - "name" : "22691", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22691" - }, - { - "name" : "1015527", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015527" - }, - { - "name" : "18571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18571" - }, - { - "name" : "18895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18895" - }, - { - "name" : "21253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21253" - }, - { - "name" : "fetchmail-message-bounce-dos(24265)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-08-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" + }, + { + "name": "16365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16365" + }, + { + "name": "http://developer.berlios.de/project/shownotes.php?release_id=8784", + "refsource": "CONFIRM", + "url": "http://developer.berlios.de/project/shownotes.php?release_id=8784" + }, + { + "name": "fetchmail-message-bounce-dos(24265)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24265" + }, + { + "name": "20060122 fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422936/100/0/threaded" + }, + { + "name": "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt", + "refsource": "CONFIRM", + "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt" + }, + { + "name": "ADV-2006-3101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3101" + }, + { + "name": "21253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21253" + }, + { + "name": "18571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18571" + }, + { + "name": "SSA:2006-045-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499" + }, + { + "name": "ADV-2006-0300", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0300" + }, + { + "name": "19289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19289" + }, + { + "name": "TA06-214A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747" + }, + { + "name": "22691", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22691" + }, + { + "name": "1015527", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015527" + }, + { + "name": "18895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18895" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0816.json b/2006/0xxx/CVE-2006-0816.json index ceea7c537a8..fa9b29fe47d 100644 --- a/2006/0xxx/CVE-2006-0816.json +++ b/2006/0xxx/CVE-2006-0816.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060323 Secunia Research: Orion Application Server JSP Source DisclosureVulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428601/100/0/threaded" - }, - { - "name" : "20060323 Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1455.html" - }, - { - "name" : "http://secunia.com/secunia_research/2006-11/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-11/advisory/" - }, - { - "name" : "17204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17204" - }, - { - "name" : "ADV-2006-1055", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1055" - }, - { - "name" : "24053", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24053" - }, - { - "name" : "1015823", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015823" - }, - { - "name" : "18950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18950" - }, - { - "name" : "orion-jsp-source-disclosure(25405)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2006-11/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-11/advisory/" + }, + { + "name": "17204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17204" + }, + { + "name": "20060323 Secunia Research: Orion Application Server JSP Source DisclosureVulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428601/100/0/threaded" + }, + { + "name": "1015823", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015823" + }, + { + "name": "ADV-2006-1055", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1055" + }, + { + "name": "24053", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24053" + }, + { + "name": "20060323 Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1455.html" + }, + { + "name": "orion-jsp-source-disclosure(25405)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25405" + }, + { + "name": "18950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18950" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0860.json b/2006/0xxx/CVE-2006-0860.json index 133091af83c..9f729ad7a7c 100644 --- a/2006/0xxx/CVE-2006-0860.json +++ b/2006/0xxx/CVE-2006-0860.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a \"http://\" string, which bypasses a regular expression check, and (2) other unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060220 Guestbox XSS/an admin bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425495/100/0/threaded" - }, - { - "name" : "20060302 Re: Guestbox XSS/an admin bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426663/100/0/threaded" - }, - { - "name" : "16751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16751" - }, - { - "name" : "ADV-2006-0675", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0675" - }, - { - "name" : "23375", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23375" - }, - { - "name" : "18946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18946" - }, - { - "name" : "guestbox-gbshow-xss(24798)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a \"http://\" string, which bypasses a regular expression check, and (2) other unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060302 Re: Guestbox XSS/an admin bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426663/100/0/threaded" + }, + { + "name": "20060220 Guestbox XSS/an admin bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425495/100/0/threaded" + }, + { + "name": "ADV-2006-0675", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0675" + }, + { + "name": "16751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16751" + }, + { + "name": "18946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18946" + }, + { + "name": "guestbox-gbshow-xss(24798)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24798" + }, + { + "name": "23375", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23375" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1039.json b/2006/1xxx/CVE-2006-1039.json index 669fbf225b4..b1631c9392a 100644 --- a/2006/1xxx/CVE-2006-1039.json +++ b/2006/1xxx/CVE-2006-1039.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060301 SAP Web Application Server http request url parsing vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426449/100/0/threaded" - }, - { - "name" : "18006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18006" - }, - { - "name" : "ADV-2006-0810", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0810" - }, - { - "name" : "1015702", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015702" - }, - { - "name" : "19085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19085" - }, - { - "name" : "sap-was-url-obtain-information(25003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015702", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015702" + }, + { + "name": "sap-was-url-obtain-information(25003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003" + }, + { + "name": "19085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19085" + }, + { + "name": "18006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18006" + }, + { + "name": "20060301 SAP Web Application Server http request url parsing vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded" + }, + { + "name": "ADV-2006-0810", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0810" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1433.json b/2006/1xxx/CVE-2006-1433.json index 26eeb071ba6..c9b3d3c3471 100644 --- a/2006/1xxx/CVE-2006-1433.json +++ b/2006/1xxx/CVE-2006-1433.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/24/24302-annuaire_directory.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/24/24302-annuaire_directory.txt" - }, - { - "name" : "24302", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24302" - }, - { - "name" : "19548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19548" - }, - { - "name" : "annuaire-includelangen-path-disclosure(25668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24302", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24302" + }, + { + "name": "annuaire-includelangen-path-disclosure(25668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25668" + }, + { + "name": "http://osvdb.org/ref/24/24302-annuaire_directory.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/24/24302-annuaire_directory.txt" + }, + { + "name": "19548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19548" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3022.json b/2006/3xxx/CVE-2006-3022.json index 22f51214865..379baa49f2a 100644 --- a/2006/3xxx/CVE-2006-3022.json +++ b/2006/3xxx/CVE-2006-3022.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/fipsgallery-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/fipsgallery-vuln.html" - }, - { - "name" : "ADV-2006-2294", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2294" - }, - { - "name" : "20559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20559" - }, - { - "name" : "fipsgallery-zoom-xss(27077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2294", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2294" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/fipsgallery-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/fipsgallery-vuln.html" + }, + { + "name": "fipsgallery-zoom-xss(27077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27077" + }, + { + "name": "20559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20559" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3053.json b/2006/3xxx/CVE-2006-3053.json index da66291f51a..7a96b84ffe9 100644 --- a/2006/3xxx/CVE-2006-3053.json +++ b/2006/3xxx/CVE-2006-3053.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\" CVE analysis concurs with the vendor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436863/100/0/threaded" - }, - { - "name" : "20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437988/100/0/threaded" - }, - { - "name" : "16977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16977" - }, - { - "name" : "1103", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1103" - }, - { - "name" : "phorum-common-file-include(27064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\" CVE analysis concurs with the vendor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1103", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1103" + }, + { + "name": "16977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16977" + }, + { + "name": "phorum-common-file-include(27064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064" + }, + { + "name": "20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded" + }, + { + "name": "20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3102.json b/2006/3xxx/CVE-2006-3102.json index b519af756c6..85ec4def00f 100644 --- a/2006/3xxx/CVE-2006-3102.json +++ b/2006/3xxx/CVE-2006-3102.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060617 bitweaver <= v1.3 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437491/100/0/threaded" - }, - { - "name" : "1918", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1918" - }, - { - "name" : "http://retrogod.altervista.org/bitweaver_13_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/bitweaver_13_xpl.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358" - }, - { - "name" : "http://www.bitweaver.org/articles/45", - "refsource" : "CONFIRM", - "url" : "http://www.bitweaver.org/articles/45" - }, - { - "name" : "ADV-2006-2405", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2405" - }, - { - "name" : "26587", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26587" - }, - { - "name" : "20695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20695" - }, - { - "name" : "1115", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1115" - }, - { - "name" : "bitweaver-modmime-file-upload(27215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358" + }, + { + "name": "http://retrogod.altervista.org/bitweaver_13_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/bitweaver_13_xpl.html" + }, + { + "name": "bitweaver-modmime-file-upload(27215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27215" + }, + { + "name": "1918", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1918" + }, + { + "name": "26587", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26587" + }, + { + "name": "20695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20695" + }, + { + "name": "http://www.bitweaver.org/articles/45", + "refsource": "CONFIRM", + "url": "http://www.bitweaver.org/articles/45" + }, + { + "name": "1115", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1115" + }, + { + "name": "ADV-2006-2405", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2405" + }, + { + "name": "20060617 bitweaver <= v1.3 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437491/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3734.json b/2006/3xxx/CVE-2006-3734.json index febd1f09cd9..ac80a428e03 100644 --- a/2006/3xxx/CVE-2006-3734.json +++ b/2006/3xxx/CVE-2006-3734.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml" - }, - { - "name" : "19071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19071" - }, - { - "name" : "19077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19077" - }, - { - "name" : "ADV-2006-2887", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2887" - }, - { - "name" : "1016537", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016537" - }, - { - "name" : "21118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21118" - }, - { - "name" : "cisco-cli-command-execution(27812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19071" + }, + { + "name": "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml" + }, + { + "name": "21118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21118" + }, + { + "name": "ADV-2006-2887", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2887" + }, + { + "name": "19077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19077" + }, + { + "name": "cisco-cli-command-execution(27812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27812" + }, + { + "name": "1016537", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016537" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3900.json b/2006/3xxx/CVE-2006-3900.json index e72e47a1ca7..57a92282bee 100644 --- a/2006/3xxx/CVE-2006-3900.json +++ b/2006/3xxx/CVE-2006-3900.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060725 TP-Book <= 1.00 Cross Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441192/100/0/threaded" - }, - { - "name" : "20060725 TP-Book <= 1.00 Cross Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115385461709949&w=2" - }, - { - "name" : "19159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19159" - }, - { - "name" : "ADV-2006-2980", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2980" - }, - { - "name" : "27515", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=27515" - }, - { - "name" : "1016583", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016583" - }, - { - "name" : "21205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21205" - }, - { - "name" : "tpbook-guestbook-xss(27964)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016583", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016583" + }, + { + "name": "20060725 TP-Book <= 1.00 Cross Site Scripting", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115385461709949&w=2" + }, + { + "name": "27515", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27515" + }, + { + "name": "21205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21205" + }, + { + "name": "20060725 TP-Book <= 1.00 Cross Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441192/100/0/threaded" + }, + { + "name": "19159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19159" + }, + { + "name": "tpbook-guestbook-xss(27964)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27964" + }, + { + "name": "ADV-2006-2980", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2980" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4006.json b/2006/4xxx/CVE-2006-4006.json index 3deef743894..62325b86469 100644 --- a/2006/4xxx/CVE-2006-4006.json +++ b/2006/4xxx/CVE-2006-4006.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/bcloneboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/bcloneboom-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/bcloneboom.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/bcloneboom.zip" - }, - { - "name" : "DSA-1180", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1180" - }, - { - "name" : "19255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19255" - }, - { - "name" : "ADV-2006-3067", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3067" - }, - { - "name" : "27648", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27648" - }, - { - "name" : "21303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21303" - }, - { - "name" : "21985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21985" - }, - { - "name" : "bomberclone-sendpkg-information-disclosure(28092)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bomberclone-sendpkg-information-disclosure(28092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28092" + }, + { + "name": "21303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21303" + }, + { + "name": "19255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19255" + }, + { + "name": "DSA-1180", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1180" + }, + { + "name": "http://aluigi.org/poc/bcloneboom.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/bcloneboom.zip" + }, + { + "name": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt" + }, + { + "name": "ADV-2006-3067", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3067" + }, + { + "name": "27648", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27648" + }, + { + "name": "21985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21985" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4025.json b/2006/4xxx/CVE-2006-4025.json index 83f00e5ae47..69a128e7aaa 100644 --- a/2006/4xxx/CVE-2006-4025.json +++ b/2006/4xxx/CVE-2006-4025.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060806 XennoBB <= 2.1.0 \"birthday\" SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442423/100/0/threaded" - }, - { - "name" : "19374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19374" - }, - { - "name" : "ADV-2006-3190", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3190" - }, - { - "name" : "1016643", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016643" - }, - { - "name" : "21409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21409" - }, - { - "name" : "1344", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1344" - }, - { - "name" : "xennobb-birthday-sql-injection(28257)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xennobb-birthday-sql-injection(28257)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28257" + }, + { + "name": "21409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21409" + }, + { + "name": "19374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19374" + }, + { + "name": "1016643", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016643" + }, + { + "name": "20060806 XennoBB <= 2.1.0 \"birthday\" SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442423/100/0/threaded" + }, + { + "name": "ADV-2006-3190", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3190" + }, + { + "name": "1344", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1344" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4083.json b/2006/4xxx/CVE-2006-4083.json index e7a001f5018..e0160b8e286 100644 --- a/2006/4xxx/CVE-2006-4083.json +++ b/2006/4xxx/CVE-2006-4083.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-1384", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1384" - }, - { - "name" : "19680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19680" - }, - { - "name" : "myevent-myevent-file-include(28347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19680" + }, + { + "name": "myevent-myevent-file-include(28347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28347" + }, + { + "name": "ADV-2006-1384", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1384" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4262.json b/2006/4xxx/CVE-2006-4262.json index b5aa92b8462..59570b10ed5 100644 --- a/2006/4xxx/CVE-2006-4262.json +++ b/2006/4xxx/CVE-2006-4262.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645" - }, - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500" - }, - { - "name" : "DSA-1186", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1186" - }, - { - "name" : "GLSA-200610-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-08.xml" - }, - { - "name" : "RHSA-2009:1101", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1101.html" - }, - { - "name" : "19686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19686" - }, - { - "name" : "19687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19687" - }, - { - "name" : "oval:org.mitre.oval:def:9661", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661" - }, - { - "name" : "ADV-2006-3374", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3374" - }, - { - "name" : "28135", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28135" - }, - { - "name" : "28136", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28136" - }, - { - "name" : "21601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21601" - }, - { - "name" : "22239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22239" - }, - { - "name" : "22515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22515" - }, - { - "name" : "cscope-reffile-bo(28546)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28546" - }, - { - "name" : "cscope-cscopelists-bo(28545)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1186", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1186" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645" + }, + { + "name": "21601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21601" + }, + { + "name": "cscope-cscopelists-bo(28545)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28545" + }, + { + "name": "RHSA-2009:1101", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1101.html" + }, + { + "name": "28135", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28135" + }, + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500" + }, + { + "name": "22239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22239" + }, + { + "name": "22515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22515" + }, + { + "name": "ADV-2006-3374", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3374" + }, + { + "name": "oval:org.mitre.oval:def:9661", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661" + }, + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500" + }, + { + "name": "19686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19686" + }, + { + "name": "19687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19687" + }, + { + "name": "GLSA-200610-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-08.xml" + }, + { + "name": "28136", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28136" + }, + { + "name": "cscope-reffile-bo(28546)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28546" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4403.json b/2006/4xxx/CVE-2006-4403.json index 219acf568cc..19eae16e348 100644 --- a/2006/4xxx/CVE-2006-4403.json +++ b/2006/4xxx/CVE-2006-4403.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "VU#371648", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/371648" - }, - { - "name" : "21335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21335" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "30734", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30734" - }, - { - "name" : "1017303", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017303" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - }, - { - "name" : "macos-ftp-server-login-dos(30621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30734", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30734" + }, + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "1017303", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017303" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "21335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21335" + }, + { + "name": "macos-ftp-server-login-dos(30621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30621" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "VU#371648", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/371648" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2194.json b/2010/2xxx/CVE-2010-2194.json index a9d705beaf5..e040abd6ae6 100644 --- a/2010/2xxx/CVE-2010-2194.json +++ b/2010/2xxx/CVE-2010-2194.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2319.json b/2010/2xxx/CVE-2010-2319.json index bbb1d157e36..bee0e2b31c5 100644 --- a/2010/2xxx/CVE-2010-2319.json +++ b/2010/2xxx/CVE-2010-2319.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.exploit-db.com/exploits/13749/", - "refsource" : "MISC", - "url" : "http://www.exploit-db.com/exploits/13749/" - }, - { - "name" : "40592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40592" - }, - { - "name" : "ADV-2010-1357", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.exploit-db.com/exploits/13749/", + "refsource": "MISC", + "url": "http://www.exploit-db.com/exploits/13749/" + }, + { + "name": "40592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40592" + }, + { + "name": "ADV-2010-1357", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1357" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2400.json b/2010/2xxx/CVE-2010-2400.json index 4ab0bba962d..299b739f754 100644 --- a/2010/2xxx/CVE-2010-2400.json +++ b/2010/2xxx/CVE-2010-2400.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2445.json b/2010/2xxx/CVE-2010-2445.json index 5258a3e9c8a..fe990fa87ec 100644 --- a/2010/2xxx/CVE-2010-2445.json +++ b/2010/2xxx/CVE-2010-2445.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100610 CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/09/4" - }, - { - "name" : "[oss-security] 20100624 Re: CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/24/5" - }, - { - "name" : "http://gna.org/bugs/?15624", - "refsource" : "CONFIRM", - "url" : "http://gna.org/bugs/?15624" - }, - { - "name" : "MDVSA-2010:205", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:205" - }, - { - "name" : "65192", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100624 Re: CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/24/5" + }, + { + "name": "MDVSA-2010:205", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:205" + }, + { + "name": "http://gna.org/bugs/?15624", + "refsource": "CONFIRM", + "url": "http://gna.org/bugs/?15624" + }, + { + "name": "[oss-security] 20100610 CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/09/4" + }, + { + "name": "65192", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65192" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2542.json b/2010/2xxx/CVE-2010-2542.json index 748c74524b1..4595c215731 100644 --- a/2010/2xxx/CVE-2010-2542.json +++ b/2010/2xxx/CVE-2010-2542.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100721 CVE request: git", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/22/1" - }, - { - "name" : "[oss-security] 20100722 Re: CVE request: git", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/22/4" - }, - { - "name" : "http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc" - }, - { - "name" : "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=618108", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=618108" - }, - { - "name" : "SUSE-SR:2011:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html" - }, - { - "name" : "41891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41891" - }, - { - "name" : "43457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43457" - }, - { - "name" : "ADV-2011-0464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43457" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=618108", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618108" + }, + { + "name": "[oss-security] 20100722 Re: CVE request: git", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/22/4" + }, + { + "name": "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt" + }, + { + "name": "SUSE-SR:2011:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html" + }, + { + "name": "[oss-security] 20100721 CVE request: git", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/22/1" + }, + { + "name": "ADV-2011-0464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0464" + }, + { + "name": "41891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41891" + }, + { + "name": "http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2592.json b/2010/2xxx/CVE-2010-2592.json index e60e0e6f81a..02128435c12 100644 --- a/2010/2xxx/CVE-2010-2592.json +++ b/2010/2xxx/CVE-2010-2592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3563.json b/2010/3xxx/CVE-2010-3563.json index 95f2940ccc5..df315c81f5c 100644 --- a/2010/3xxx/CVE-2010-3563.json +++ b/2010/3xxx/CVE-2010-3563.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to \"how Web Start retrieves security policies,\" BasicServiceImpl, and forged policies that bypass sandbox restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-202/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-202/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0987", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "43999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43999" - }, - { - "name" : "oval:org.mitre.oval:def:12181", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181" - }, - { - "name" : "oval:org.mitre.oval:def:12554", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to \"how Web Start retrieves security policies,\" BasicServiceImpl, and forged policies that bypass sandbox restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "RHSA-2010:0987", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "oval:org.mitre.oval:def:12181", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "43999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43999" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-202/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-202/" + }, + { + "name": "oval:org.mitre.oval:def:12554", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3779.json b/2010/3xxx/CVE-2010-3779.json index 1d9721bb6bb..89af9333703 100644 --- a/2010/3xxx/CVE-2010-3779.json +++ b/2010/3xxx/CVE-2010-3779.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2010-October/053452.html" - }, - { - "name" : "[dovecot] 20101002 v1.2.15 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2010-October/053450.html" - }, - { - "name" : "MDVSA-2010:217", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" - }, - { - "name" : "USN-1059-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1059-1" - }, - { - "name" : "43220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43220" - }, - { - "name" : "ADV-2010-2840", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2840" - }, - { - "name" : "ADV-2011-0301", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1059-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1059-1" + }, + { + "name": "MDVSA-2010:217", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" + }, + { + "name": "43220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43220" + }, + { + "name": "ADV-2011-0301", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0301" + }, + { + "name": "[dovecot] 20101002 v1.2.15 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2010-October/053450.html" + }, + { + "name": "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2010-October/053452.html" + }, + { + "name": "ADV-2010-2840", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2840" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3787.json b/2010/3xxx/CVE-2010-3787.json index 95717b5975b..6699e881f7b 100644 --- a/2010/3xxx/CVE-2010-3787.json +++ b/2010/3xxx/CVE-2010-3787.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://support.apple.com/kb/HT4447", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4447" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-12-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" - }, - { - "name" : "VU#309873", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/309873" - }, - { - "name" : "44798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44798" - }, - { - "name" : "1024729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "1024729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024729" + }, + { + "name": "APPLE-SA-2010-12-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4447", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4447" + }, + { + "name": "44798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44798" + }, + { + "name": "VU#309873", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/309873" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3812.json b/2010/3xxx/CVE-2010-3812.json index 0f3d99c7ba2..2ffc82fa18e 100644 --- a/2010/3xxx/CVE-2010-3812.json +++ b/2010/3xxx/CVE-2010-3812.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-257/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-257/" - }, - { - "name" : "http://trac.webkit.org/changeset/68705", - "refsource" : "MISC", - "url" : "http://trac.webkit.org/changeset/68705" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=46848", - "refsource" : "MISC", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=46848" - }, - { - "name" : "http://support.apple.com/kb/HT4455", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4455" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667022", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667022" - }, - { - "name" : "APPLE-SA-2010-11-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "FEDORA-2011-0121", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "44960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44960" - }, - { - "name" : "oval:org.mitre.oval:def:11689", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11689" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - }, - { - "name" : "safari-text-objects-code-execution(63350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "FEDORA-2011-0121", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-257/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-257/" + }, + { + "name": "http://support.apple.com/kb/HT4455", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4455" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "44960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44960" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "oval:org.mitre.oval:def:11689", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11689" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "APPLE-SA-2010-11-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "safari-text-objects-code-execution(63350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63350" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=46848", + "refsource": "MISC", + "url": "https://bugs.webkit.org/show_bug.cgi?id=46848" + }, + { + "name": "http://trac.webkit.org/changeset/68705", + "refsource": "MISC", + "url": "http://trac.webkit.org/changeset/68705" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667022", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667022" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3860.json b/2010/3xxx/CVE-2010-3860.json index 6c16921e6d4..3ca06ff4a48 100644 --- a/2010/3xxx/CVE-2010-3860.json +++ b/2010/3xxx/CVE-2010-3860.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=645843", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=645843" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/" - }, - { - "name" : "FEDORA-2010-18393", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "RHSA-2011:0176", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0176.html" - }, - { - "name" : "SUSE-SR:2010:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" - }, - { - "name" : "USN-1024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1024-1" - }, - { - "name" : "45114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45114" - }, - { - "name" : "42412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42412" - }, - { - "name" : "42417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42417" - }, - { - "name" : "43085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43085" - }, - { - "name" : "ADV-2010-3090", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3090" - }, - { - "name" : "ADV-2010-3108", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3108" - }, - { - "name" : "ADV-2011-0215", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "FEDORA-2010-18393", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html" + }, + { + "name": "43085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43085" + }, + { + "name": "ADV-2011-0215", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0215" + }, + { + "name": "USN-1024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1024-1" + }, + { + "name": "SUSE-SR:2010:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" + }, + { + "name": "42412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42412" + }, + { + "name": "ADV-2010-3090", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3090" + }, + { + "name": "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/" + }, + { + "name": "ADV-2010-3108", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3108" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=645843", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=645843" + }, + { + "name": "42417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42417" + }, + { + "name": "45114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45114" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28" + }, + { + "name": "RHSA-2011:0176", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4248.json b/2010/4xxx/CVE-2010-4248.json index b75a67b9279..49b3cfa5702 100644 --- a/2010/4xxx/CVE-2010-4248.json +++ b/2010/4xxx/CVE-2010-4248.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[oss-security] 20101123 CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/23/2" - }, - { - "name" : "[oss-security] 20101124 Re: CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/24/9" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0a70217107e6f9844628120412cb27bb4cea194", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0a70217107e6f9844628120412cb27bb4cea194" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=656264", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=656264" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "RHSA-2011:0004", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0004.html" - }, - { - "name" : "RHSA-2011:0007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html" - }, - { - "name" : "45028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45028" - }, - { - "name" : "42789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42789" - }, - { - "name" : "42890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42890" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "ADV-2011-0024", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42789" + }, + { + "name": "ADV-2011-0024", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0024" + }, + { + "name": "RHSA-2011:0004", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2" + }, + { + "name": "RHSA-2011:0007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" + }, + { + "name": "45028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45028" + }, + { + "name": "[oss-security] 20101124 Re: CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/24/9" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "42890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42890" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0a70217107e6f9844628120412cb27bb4cea194", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0a70217107e6f9844628120412cb27bb4cea194" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=656264", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=656264" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "[oss-security] 20101123 CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/23/2" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0075.json b/2011/0xxx/CVE-2011-0075.json index 9b2e23bcd22..07290723bf8 100644 --- a/2011/0xxx/CVE-2011-0075.json +++ b/2011/0xxx/CVE-2011-0075.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635977", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635977" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100134543", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100134543" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - "name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "47647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47647" - }, - { - "name" : "oval:org.mitre.oval:def:14086", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47647" + }, + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=635977", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=635977" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "oval:org.mitre.oval:def:14086", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14086" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100134543", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100134543" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" + }, + { + "name": "MDVSA-2011:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1613.json b/2011/1xxx/CVE-2011-1613.json index 7cdbe482708..191a476274b 100644 --- a/2011/1xxx/CVE-2011-1613.json +++ b/2011/1xxx/CVE-2011-1613.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110427 Cisco Wireless LAN Controllers Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7950e.shtml" - }, - { - "name" : "47606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47606" - }, - { - "name" : "1025448", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025448" - }, - { - "name" : "44384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44384" - }, - { - "name" : "ADV-2011-1123", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1123" - }, - { - "name" : "wlc-icmp-dos(67128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47606" + }, + { + "name": "20110427 Cisco Wireless LAN Controllers Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7950e.shtml" + }, + { + "name": "1025448", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025448" + }, + { + "name": "44384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44384" + }, + { + "name": "wlc-icmp-dos(67128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67128" + }, + { + "name": "ADV-2011-1123", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1123" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1694.json b/2011/1xxx/CVE-2011-1694.json index f6644d8cb5e..1afe94149a2 100644 --- a/2011/1xxx/CVE-2011-1694.json +++ b/2011/1xxx/CVE-2011-1694.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1694", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1694", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1983.json b/2011/1xxx/CVE-2011-1983.json index f857003523c..f2d73df2eeb 100644 --- a/2011/1xxx/CVE-2011-1983.json +++ b/2011/1xxx/CVE-2011-1983.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-089", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-089" - }, - { - "name" : "TA11-347A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14197", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14197" - }, - { - "name" : "oval:org.mitre.oval:def:14558", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14558" - }, - { - "name" : "1026409", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14558", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14558" + }, + { + "name": "TA11-347A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" + }, + { + "name": "MS11-089", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-089" + }, + { + "name": "1026409", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026409" + }, + { + "name": "oval:org.mitre.oval:def:14197", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14197" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5112.json b/2011/5xxx/CVE-2011-5112.json index 94fea8b0dc0..7bd286d1601 100644 --- a/2011/5xxx/CVE-2011-5112.json +++ b/2011/5xxx/CVE-2011-5112.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18058", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18058" - }, - { - "name" : "http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28", - "refsource" : "CONFIRM", - "url" : "http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18058", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18058" + }, + { + "name": "http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28", + "refsource": "CONFIRM", + "url": "http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5314.json b/2011/5xxx/CVE-2011-5314.json index 1fa2b8ea9cb..e099fa6eb87 100644 --- a/2011/5xxx/CVE-2011-5314.json +++ b/2011/5xxx/CVE-2011-5314.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22804", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB22804", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22804" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3282.json b/2014/3xxx/CVE-2014-3282.json index 1bccbeb0c48..a5e276ea2b3 100644 --- a/2014/3xxx/CVE-2014-3282.json +++ b/2014/3xxx/CVE-2014-3282.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34382", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34382" - }, - { - "name" : "20140527 Cisco Unified Communications Domain Manager Admin Number Translation Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3282" - }, - { - "name" : "67666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67666" - }, - { - "name" : "1030306", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030306" - }, - { - "name" : "58400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34382", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34382" + }, + { + "name": "1030306", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030306" + }, + { + "name": "20140527 Cisco Unified Communications Domain Manager Admin Number Translation Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3282" + }, + { + "name": "67666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67666" + }, + { + "name": "58400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58400" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3374.json b/2014/3xxx/CVE-2014-3374.json index 9348eda2a71..8d62370ccbe 100644 --- a/2014/3xxx/CVE-2014-3374.json +++ b/2014/3xxx/CVE-2014-3374.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295" - }, - { - "name" : "20141030 Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374" - }, - { - "name" : "70849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70849" - }, - { - "name" : "1031162", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031162" - }, - { - "name" : "59696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59696" - }, - { - "name" : "cisco-ucm-cve20143374-xss(98407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-ucm-cve20143374-xss(98407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407" + }, + { + "name": "70849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70849" + }, + { + "name": "20141030 Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295" + }, + { + "name": "1031162", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031162" + }, + { + "name": "59696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59696" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6409.json b/2014/6xxx/CVE-2014-6409.json index c0dc1091682..5e1dd19735a 100644 --- a/2014/6xxx/CVE-2014-6409.json +++ b/2014/6xxx/CVE-2014-6409.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34718", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34718" - }, - { - "name" : "20140919 M/Monit - Account hijacking via CSRF", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/71" - }, - { - "name" : "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html" - }, - { - "name" : "mmonit-cve20146409-csrf(96122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mmonit-cve20146409-csrf(96122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96122" + }, + { + "name": "20140919 M/Monit - Account hijacking via CSRF", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/71" + }, + { + "name": "34718", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34718" + }, + { + "name": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6740.json b/2014/6xxx/CVE-2014-6740.json index e44ad7b2d11..a6ef9112fb4 100644 --- a/2014/6xxx/CVE-2014-6740.json +++ b/2014/6xxx/CVE-2014-6740.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#952009", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/952009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#952009", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/952009" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7462.json b/2014/7xxx/CVE-2014-7462.json index 1691e068b34..6c358fbb33b 100644 --- a/2014/7xxx/CVE-2014-7462.json +++ b/2014/7xxx/CVE-2014-7462.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#642073", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/642073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#642073", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/642073" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7855.json b/2014/7xxx/CVE-2014-7855.json index a90f818acb5..a1f21f903bb 100644 --- a/2014/7xxx/CVE-2014-7855.json +++ b/2014/7xxx/CVE-2014-7855.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7855", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7855", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8271.json b/2014/8xxx/CVE-2014-8271.json index 31e9b3b5f51..b0b8b90e38b 100644 --- a/2014/8xxx/CVE-2014-8271.json +++ b/2014/8xxx/CVE-2014-8271.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8271", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8271", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8316.json b/2014/8xxx/CVE-2014-8316.json index 66bbe7094db..d4980fbc54e 100644 --- a/2014/8xxx/CVE-2014-8316.json +++ b/2014/8xxx/CVE-2014-8316.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533673/100/0/threaded" - }, - { - "name" : "20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/50" - }, - { - "name" : "http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html" - }, - { - "name" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt", - "refsource" : "MISC", - "url" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt" - }, - { - "name" : "http://scn.sap.com/docs/DOC-55451", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-55451" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1908531", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1908531" - }, - { - "name" : "70384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70384" - }, - { - "name" : "sap-businessobjects-xml-info-disc(96933)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/50" + }, + { + "name": "sap-businessobjects-xml-info-disc(96933)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96933" + }, + { + "name": "http://scn.sap.com/docs/DOC-55451", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-55451" + }, + { + "name": "http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html" + }, + { + "name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt", + "refsource": "MISC", + "url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt" + }, + { + "name": "20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533673/100/0/threaded" + }, + { + "name": "70384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70384" + }, + { + "name": "https://service.sap.com/sap/support/notes/1908531", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1908531" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8672.json b/2014/8xxx/CVE-2014-8672.json index 030f6a748f4..34a9fcb8b4c 100644 --- a/2014/8xxx/CVE-2014-8672.json +++ b/2014/8xxx/CVE-2014-8672.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://arxiv.org/abs/1410.7756", - "refsource" : "MISC", - "url" : "http://arxiv.org/abs/1410.7756" - }, - { - "name" : "http://arxiv.org/pdf/1410.7756v1.pdf", - "refsource" : "MISC", - "url" : "http://arxiv.org/pdf/1410.7756v1.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://arxiv.org/pdf/1410.7756v1.pdf", + "refsource": "MISC", + "url": "http://arxiv.org/pdf/1410.7756v1.pdf" + }, + { + "name": "http://arxiv.org/abs/1410.7756", + "refsource": "MISC", + "url": "http://arxiv.org/abs/1410.7756" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8888.json b/2014/8xxx/CVE-2014-8888.json index 6081f0da61f..548c16014b7 100644 --- a/2014/8xxx/CVE-2014-8888.json +++ b/2014/8xxx/CVE-2014-8888.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", - "refsource" : "CONFIRM", - "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF" - }, - { - "name" : "dlink-dir815-cve20148888-command-exec(110755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dlink-dir815-cve20148888-command-exec(110755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755" + }, + { + "name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", + "refsource": "CONFIRM", + "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9756.json b/2014/9xxx/CVE-2014-9756.json index 5d424599127..77e9bc043aa 100644 --- a/2014/9xxx/CVE-2014-9756.json +++ b/2014/9xxx/CVE-2014-9756.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 libsndfile DoS/divide-by-zero", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/3" - }, - { - "name" : "[oss-security] 20151103 Re: libsndfile DoS/divide-by-zero", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/03/9" - }, - { - "name" : "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6", - "refsource" : "CONFIRM", - "url" : "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6" - }, - { - "name" : "https://github.com/erikd/libsndfile/issues/92", - "refsource" : "CONFIRM", - "url" : "https://github.com/erikd/libsndfile/issues/92" - }, - { - "name" : "openSUSE-SU-2015:1995", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html" - }, - { - "name" : "openSUSE-SU-2015:2119", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html" - }, - { - "name" : "USN-2832-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2832-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1995", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html" + }, + { + "name": "https://github.com/erikd/libsndfile/issues/92", + "refsource": "CONFIRM", + "url": "https://github.com/erikd/libsndfile/issues/92" + }, + { + "name": "[oss-security] 20141224 libsndfile DoS/divide-by-zero", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/3" + }, + { + "name": "[oss-security] 20151103 Re: libsndfile DoS/divide-by-zero", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/03/9" + }, + { + "name": "USN-2832-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2832-1" + }, + { + "name": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6", + "refsource": "CONFIRM", + "url": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6" + }, + { + "name": "openSUSE-SU-2015:2119", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2719.json b/2016/2xxx/CVE-2016-2719.json index 70bd4b90c22..9dfb9cc1b0d 100644 --- a/2016/2xxx/CVE-2016-2719.json +++ b/2016/2xxx/CVE-2016-2719.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2719", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2719", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2799.json b/2016/2xxx/CVE-2016-2799.json index 157c3fca714..4d9767b9060 100644 --- a/2016/2xxx/CVE-2016-2799.json +++ b/2016/2xxx/CVE-2016-2799.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1249081", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1249081" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3510", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3510" - }, - { - "name" : "DSA-3515", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3515" - }, - { - "name" : "DSA-3520", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3520" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "GLSA-201701-63", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-63" - }, - { - "name" : "openSUSE-SU-2016:0894", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" - }, - { - "name" : "openSUSE-SU-2016:1767", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:1769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:1778", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:0909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" - }, - { - "name" : "SUSE-SU-2016:0727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" - }, - { - "name" : "SUSE-SU-2016:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" - }, - { - "name" : "openSUSE-SU-2016:0731", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:0733", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" - }, - { - "name" : "SUSE-SU-2016:0820", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" - }, - { - "name" : "openSUSE-SU-2016:0876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" - }, - { - "name" : "USN-2917-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-2" - }, - { - "name" : "USN-2917-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-3" - }, - { - "name" : "USN-2934-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2934-1" - }, - { - "name" : "USN-2917-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-1" - }, - { - "name" : "USN-2927-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2927-1" - }, - { - "name" : "84222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84222" - }, - { - "name" : "1035215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0894", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" + }, + { + "name": "84222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84222" + }, + { + "name": "SUSE-SU-2016:0820", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" + }, + { + "name": "openSUSE-SU-2016:1767", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "openSUSE-SU-2016:0731", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" + }, + { + "name": "SUSE-SU-2016:0727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" + }, + { + "name": "openSUSE-SU-2016:1778", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" + }, + { + "name": "openSUSE-SU-2016:0876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" + }, + { + "name": "USN-2917-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-1" + }, + { + "name": "USN-2927-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2927-1" + }, + { + "name": "DSA-3520", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3520" + }, + { + "name": "openSUSE-SU-2016:1769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" + }, + { + "name": "SUSE-SU-2016:0909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" + }, + { + "name": "DSA-3510", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3510" + }, + { + "name": "openSUSE-SU-2016:0733", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" + }, + { + "name": "1035215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035215" + }, + { + "name": "SUSE-SU-2016:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "DSA-3515", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3515" + }, + { + "name": "USN-2934-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2934-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249081", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249081" + }, + { + "name": "GLSA-201701-63", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-63" + }, + { + "name": "USN-2917-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-2" + }, + { + "name": "USN-2917-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-3" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6141.json b/2016/6xxx/CVE-2016-6141.json index 2df3ed4d5dc..15d6276756a 100644 --- a/2016/6xxx/CVE-2016-6141.json +++ b/2016/6xxx/CVE-2016-6141.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6141", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6141", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6208.json b/2016/6xxx/CVE-2016-6208.json index ef3d938bc0d..a461b6e5325 100644 --- a/2016/6xxx/CVE-2016-6208.json +++ b/2016/6xxx/CVE-2016-6208.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6208", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6208", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6238.json b/2016/6xxx/CVE-2016-6238.json index f1e2db32711..978b2500216 100644 --- a/2016/6xxx/CVE-2016-6238.json +++ b/2016/6xxx/CVE-2016-6238.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160717 Re: multiple memory corruption issues in lepton", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/17/6" - }, - { - "name" : "https://github.com/dropbox/lepton/issues/26", - "refsource" : "CONFIRM", - "url" : "https://github.com/dropbox/lepton/issues/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dropbox/lepton/issues/26", + "refsource": "CONFIRM", + "url": "https://github.com/dropbox/lepton/issues/26" + }, + { + "name": "[oss-security] 20160717 Re: multiple memory corruption issues in lepton", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/17/6" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6385.json b/2016/6xxx/CVE-2016-6385.json index 1a96b6e2140..b1749b0c0fa 100644 --- a/2016/6xxx/CVE-2016-6385.json +++ b/2016/6xxx/CVE-2016-6385.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04" - }, - { - "name" : "20160928 Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi" - }, - { - "name" : "93203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93203" - }, - { - "name" : "1036914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93203" + }, + { + "name": "1036914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036914" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04" + }, + { + "name": "20160928 Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6986.json b/2016/6xxx/CVE-2016-6986.json index 0378af32816..992818f3a4c 100644 --- a/2016/6xxx/CVE-2016-6986.json +++ b/2016/6xxx/CVE-2016-6986.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6989, and CVE-2016-6990." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:2057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" - }, - { - "name" : "93490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93490" - }, - { - "name" : "1036985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6989, and CVE-2016-6990." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" + }, + { + "name": "93490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93490" + }, + { + "name": "RHSA-2016:2057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html" + }, + { + "name": "1036985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036985" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18186.json b/2017/18xxx/CVE-2017-18186.json index 80426538309..957ca7ee7e3 100644 --- a/2017/18xxx/CVE-2017-18186.json +++ b/2017/18xxx/CVE-2017-18186.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937", - "refsource" : "MISC", - "url" : "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937" - }, - { - "name" : "https://github.com/qpdf/qpdf/issues/149", - "refsource" : "MISC", - "url" : "https://github.com/qpdf/qpdf/issues/149" - }, - { - "name" : "USN-3638-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3638-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3638-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3638-1/" + }, + { + "name": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937", + "refsource": "MISC", + "url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937" + }, + { + "name": "https://github.com/qpdf/qpdf/issues/149", + "refsource": "MISC", + "url": "https://github.com/qpdf/qpdf/issues/149" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5228.json b/2017/5xxx/CVE-2017-5228.json index 8a17d939df4..7df80a9c776 100644 --- a/2017/5xxx/CVE-2017-5228.json +++ b/2017/5xxx/CVE-2017-5228.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Metasploit", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.13.0-2017020701" - } - ] - } - } - ] - }, - "vendor_name" : "Rapid7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Metasploit", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.13.0-2017020701" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", - "refsource" : "CONFIRM", - "url" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" - }, - { - "name" : "96954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96954" + }, + { + "name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", + "refsource": "CONFIRM", + "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5257.json b/2017/5xxx/CVE-2017-5257.json index 8ad9d70bc9e..68439fe0521 100644 --- a/2017/5xxx/CVE-2017-5257.json +++ b/2017/5xxx/CVE-2017-5257.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ePMP", - "version" : { - "version_data" : [ - { - "version_value" : "3.5 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Cambium Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ePMP", + "version": { + "version_data": [ + { + "version_value": "3.5 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Cambium Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5560.json b/2017/5xxx/CVE-2017-5560.json index de18bdf8185..a51e8e07aac 100644 --- a/2017/5xxx/CVE-2017-5560.json +++ b/2017/5xxx/CVE-2017-5560.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5560", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5560", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5582.json b/2017/5xxx/CVE-2017-5582.json index 36cc47b2edf..aa459e937d2 100644 --- a/2017/5xxx/CVE-2017-5582.json +++ b/2017/5xxx/CVE-2017-5582.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5582", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5582", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5946.json b/2017/5xxx/CVE-2017-5946.json index b33741b32d7..b0b0a2627ac 100644 --- a/2017/5xxx/CVE-2017-5946.json +++ b/2017/5xxx/CVE-2017-5946.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses \"../\" pathname substrings to write arbitrary files to the filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyzip/rubyzip/issues/315", - "refsource" : "CONFIRM", - "url" : "https://github.com/rubyzip/rubyzip/issues/315" - }, - { - "name" : "https://github.com/rubyzip/rubyzip/releases", - "refsource" : "CONFIRM", - "url" : "https://github.com/rubyzip/rubyzip/releases" - }, - { - "name" : "DSA-3801", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3801" - }, - { - "name" : "96445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses \"../\" pathname substrings to write arbitrary files to the filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyzip/rubyzip/releases", + "refsource": "CONFIRM", + "url": "https://github.com/rubyzip/rubyzip/releases" + }, + { + "name": "96445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96445" + }, + { + "name": "https://github.com/rubyzip/rubyzip/issues/315", + "refsource": "CONFIRM", + "url": "https://github.com/rubyzip/rubyzip/issues/315" + }, + { + "name": "DSA-3801", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3801" + } + ] + } +} \ No newline at end of file