diff --git a/2006/0xxx/CVE-2006-0481.json b/2006/0xxx/CVE-2006-0481.json
index 14edca269f8..89058e02576 100644
--- a/2006/0xxx/CVE-2006-0481.json
+++ b/2006/0xxx/CVE-2006-0481.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455" - }, - { - "name" : "ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt" - }, - { - "name" : "GLSA-200812-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-15.xml" - }, - { - "name" : "RHSA-2006:0205", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0205.html" - }, - { - "name" : "16626", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/16626" - }, - { - "name" : "oval:org.mitre.oval:def:10780", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10780" - }, - { - "name" : "ADV-2006-0393", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0393" - }, - { - "name" : "1015615", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015615" - }, - { - "name" : "1015617", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015617" - }, - { - "name" : "18654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18654" - }, - { - "name" : "18863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18863" - }, - { - "name" : "33137", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33137" - }, - { - "name" : "libpng-pngsetstripalpha-bo(24396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2006:0205", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0205.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455" + }, + { + "name": "libpng-pngsetstripalpha-bo(24396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24396" + }, + { + "name": "1015617", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015617" + }, + { + "name": "oval:org.mitre.oval:def:10780", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10780" + }, + { + "name": "ADV-2006-0393", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0393" + }, + { + "name": "18654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18654" + }, + { + "name": "GLSA-200812-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" + }, + { + "name": "1015615", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015615" + }, + { + "name": "33137", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33137" + }, + { + "name": "ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt" + }, + { + "name": "18863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18863" + }, + { + "name": "16626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16626" + } + ] + } +} \ No newline at end of file 
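Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk, while every other changed line is colon spacing or a reordering of `reference_data`, so the one semantic edit is easy to miss in review. Consumers that attribute or filter records by assigning CNA may see this entry change owner; the same change appears in the CVE-2006-4812.json hunk, and the other hunks visible here keep `cve@mitre.org`. It would be worth carrying the assigner reassignment in its own commit, or at least naming it in the commit message, so it can be audited separately from the formatting churn. The rewritten file also ends with `\ No newline at end of file`, where the old side had a trailing newline.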
diff --git a/2006/0xxx/CVE-2006-0682.json b/2006/0xxx/CVE-2006-0682.json
index 9889dd0e34e..900dfee3b29 100644
--- a/2006/0xxx/CVE-2006-0682.json
+++ b/2006/0xxx/CVE-2006-0682.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://e107.org/comment.php?comment.news.776", - "refsource" : "CONFIRM", - "url" : "http://e107.org/comment.php?comment.news.776" - }, - { - "name" : "16614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16614" - }, - { - "name" : "ADV-2006-0540", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0540" - }, - { - "name" : "18816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18816" - }, - { - "name" : "e107-bbcode-xss(24625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16614" + }, + { + "name": "http://e107.org/comment.php?comment.news.776", + "refsource": "CONFIRM", + "url": "http://e107.org/comment.php?comment.news.776" + }, + { + "name": "ADV-2006-0540", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0540" + }, + { + "name": "18816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18816" + }, + { + "name": "e107-bbcode-xss(24625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3092.json b/2006/3xxx/CVE-2006-3092.json index ac9176c9eb4..1a1e6bb3d47 100644 --- a/2006/3xxx/CVE-2006-3092.json +++ b/2006/3xxx/CVE-2006-3092.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060610 PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437025/100/0/threaded" - }, - { - "name" : "http://www.acid-root.new.fr/advisories/phpmyfactures.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/phpmyfactures.txt" - }, - { - "name" : "26477", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26477" - }, - { - "name" : "20642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20642" - }, - { - "name" : "1111", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1111" - }, - { - "name" : "phpmyfactures-multiple-data-manipulation(27206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. 
NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26477", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26477" + }, + { + "name": "phpmyfactures-multiple-data-manipulation(27206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27206" + }, + { + "name": "20060610 PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437025/100/0/threaded" + }, + { + "name": "20642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20642" + }, + { + "name": "http://www.acid-root.new.fr/advisories/phpmyfactures.txt", + "refsource": "MISC", + "url": "http://www.acid-root.new.fr/advisories/phpmyfactures.txt" + }, + { + "name": "1111", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1111" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3165.json b/2006/3xxx/CVE-2006-3165.json index 71b011e2d9e..ffe6a7c9c7b 100644 --- a/2006/3xxx/CVE-2006-3165.json +++ b/2006/3xxx/CVE-2006-3165.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/free-realty-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/free-realty-vuln.html" - }, - { - "name" : "18531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18531" - }, - { - "name" : "ADV-2006-2432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2432" - }, - { - "name" : "26667", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26667" - }, - { - "name" : "20705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20705" - }, - { - "name" : "freerealty-propview-sql-injection(27252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27252" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2432" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/free-realty-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/free-realty-vuln.html" + }, + { + "name": "20705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20705" + }, + { + "name": "26667", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26667" + }, + { + "name": "18531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18531" + }, + { + "name": "freerealty-propview-sql-injection(27252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27252" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3861.json b/2006/3xxx/CVE-2006-3861.json index 3d309d839c3..b6d9402b8cf 100644 --- a/2006/3xxx/CVE-2006-3861.json +++ b/2006/3xxx/CVE-2006-3861.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 Informix - Discovery, Attack and Defense", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded" - }, - { - "name" : "20060814 Unauthorized Database Creation Privilege on Informix", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443192/100/0/threaded" - }, - { - "name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", - "refsource" : "MISC", - "url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", - "refsource" : "CONFIRM", - "url" : 
"http://www-1.ibm.com/support/docview.wss?uid=swg21242921" - }, - { - "name" : "19264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19264" - }, - { - "name" : "ADV-2006-3077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3077" - }, - { - "name" : "27692", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27692" - }, - { - "name" : "21301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21301" - }, - { - "name" : "informix-database-insecure-permission(28148)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060814 Unauthorized Database Creation Privilege on Informix", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443192/100/0/threaded" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" + }, + { + "name": "20060814 Informix - Discovery, Attack and Defense", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded" + }, + { + "name": "27692", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27692" + }, + { + "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", + "refsource": "MISC", + "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" + }, + { + "name": "informix-database-insecure-permission(28148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148" + }, + { + "name": "21301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21301" + }, + { + "name": "19264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19264" + }, + { + "name": "ADV-2006-3077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3077" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4154.json b/2006/4xxx/CVE-2006-4154.json index 1fda1d12c51..9f903238e2a 100644 --- a/2006/4xxx/CVE-2006-4154.json +++ b/2006/4xxx/CVE-2006-4154.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061013 Apache HTTP Server mod_tcl set_var Format String Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421" - }, - { - "name" : "GLSA-200610-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-12.xml" - }, - { - "name" : "VU#366020", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/366020" - }, - { - "name" : "20527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20527" - }, - { - "name" : "ADV-2006-4033", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4033" - }, - { - "name" : 
"29536", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29536" - }, - { - "name" : "1017062", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017062" - }, - { - "name" : "22458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22458" - }, - { - "name" : "22549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22549" - }, - { - "name" : "modtcl-setvar-format-string(29550)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20527" + }, + { + "name": "1017062", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017062" + }, + { + "name": "22549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22549" + }, + { + "name": "29536", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29536" + }, + { + "name": "20061013 Apache HTTP Server mod_tcl set_var Format String Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421" + }, + { + "name": "ADV-2006-4033", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4033" + }, + { + "name": "GLSA-200610-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-12.xml" + }, + { + 
"name": "22458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22458" + }, + { + "name": "modtcl-setvar-format-string(29550)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29550" + }, + { + "name": "VU#366020", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/366020" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4361.json b/2006/4xxx/CVE-2006-4361.json index a6a2b92f0b0..da41fafad04 100644 --- a/2006/4xxx/CVE-2006-4361.json +++ b/2006/4xxx/CVE-2006-4361.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060821 Diesel Job Site forgot.php Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443926/100/0/threaded" - }, - { - "name" : "ADV-2006-3345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3345" - }, - { - "name" : "28073", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28073" - }, - { - "name" : "21589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21589" - }, - { - "name" : "1453", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1453" - }, - { - "name" : "jobsite-forgot-xss(28494)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1453", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1453" + }, + { + "name": "jobsite-forgot-xss(28494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28494" + }, + { + "name": "20060821 Diesel Job Site forgot.php Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443926/100/0/threaded" + }, + { + "name": "28073", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28073" + }, + { + "name": "21589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21589" + }, + { + "name": "ADV-2006-3345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3345" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4812.json b/2006/4xxx/CVE-2006-4812.json index 44c5363af38..b1b1b80357d 100644 --- a/2006/4xxx/CVE-2006-4812.json +++ b/2006/4xxx/CVE-2006-4812.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448014/100/0/threaded" - }, - { - "name" : "http://www.hardened-php.net/files/CVE-2006-4812.patch", - "refsource" : "CONFIRM", - "url" : "http://www.hardened-php.net/files/CVE-2006-4812.patch" - }, - { - "name" : "http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162", - "refsource" : "CONFIRM", - "url" : "http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162" - }, - { - "name" : 
"http://www.hardened-php.net/advisory_092006.133.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_092006.133.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm" - }, - { - "name" : "GLSA-200610-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml" - }, - { - "name" : "OpenPKG-SA-2006.023", - "refsource" : "OPENPKG", - "url" : "http://www.securityfocus.com/archive/1/448953/100/0/threaded" - }, - { - "name" : "RHSA-2006:0708", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0708.html" - }, - { - "name" : "RHSA-2006:0688", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0688.html" - }, - { - "name" : "SUSE-SA:2006:059", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html" - }, - { - "name" : "2006-0055", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0055" - }, - { - "name" : "USN-362-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-362-1" - }, - { - "name" : "20349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20349" - }, - { - "name" : "ADV-2006-3922", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3922" - }, - { - "name" : "1016984", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016984" - }, - { - "name" : "22280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22280" - }, - { - "name" : "22281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22281" - }, - { - "name" : "22338", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/22338" - }, - { - "name" : "22533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22533" - }, - { - "name" : "22650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22650" - }, - { - "name" : "22538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22538" - }, - { - "name" : "22331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22331" - }, - { - "name" : "22300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22300" - }, - { - "name" : "1691", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1691" - }, - { - "name" : "php-ecalloc-integer-overflow(29362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22300" + }, + { + "name": "22650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22650" + }, + { + "name": "1016984", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016984" + }, + { + "name": "22281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22281" + }, + { + "name": "22338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22338" + }, + { + "name": "20349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20349" + }, + { + "name": "OpenPKG-SA-2006.023", + "refsource": "OPENPKG", + "url": "http://www.securityfocus.com/archive/1/448953/100/0/threaded" + }, + { + "name": "GLSA-200610-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml" + }, + { + "name": "2006-0055", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0055" + }, + { + "name": "RHSA-2006:0688", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0688.html" + }, + { + "name": "USN-362-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-362-1" + }, + { + "name": "RHSA-2006:0708", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0708.html" + }, + { + "name": "22538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22538" + }, + { + "name": "1691", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1691" + }, + { + "name": "http://www.hardened-php.net/advisory_092006.133.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_092006.133.html" + }, + { + "name": "22533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22533" + }, + { + 
"name": "http://www.hardened-php.net/files/CVE-2006-4812.patch", + "refsource": "CONFIRM", + "url": "http://www.hardened-php.net/files/CVE-2006-4812.patch" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm" + }, + { + "name": "php-ecalloc-integer-overflow(29362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29362" + }, + { + "name": "http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162", + "refsource": "CONFIRM", + "url": "http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162" + }, + { + "name": "SUSE-SA:2006:059", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html" + }, + { + "name": "20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448014/100/0/threaded" + }, + { + "name": "22331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22331" + }, + { + "name": "ADV-2006-3922", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3922" + }, + { + "name": "22280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22280" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6475.json b/2006/6xxx/CVE-2006-6475.json index c83567a4813..e327a396c9c 100644 --- a/2006/6xxx/CVE-2006-6475.json +++ b/2006/6xxx/CVE-2006-6475.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061218 SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454712/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt" - }, - { - "name" : "http://www.mandiant.com/firstresponse.htm", - "refsource" : "CONFIRM", - "url" : "http://www.mandiant.com/firstresponse.htm" - }, - { - "name" : "21548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21548" - }, - { - "name" : "ADV-2006-5061", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/5061" - }, - { - "name" : "1017394", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017394" - }, - { - "name" : "23393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23393" - }, - { - "name" : "2052", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mandiant.com/firstresponse.htm", + "refsource": "CONFIRM", + "url": "http://www.mandiant.com/firstresponse.htm" + }, + { + "name": "20061218 SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454712/100/0/threaded" + }, + { + "name": "23393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23393" + }, + { + "name": "ADV-2006-5061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5061" + }, + { + "name": "21548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21548" + }, + { + "name": "2052", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2052" + }, + { + "name": "1017394", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017394" + }, + { + "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt", + "refsource": "MISC", + "url": 
"http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7091.json b/2006/7xxx/CVE-2006-7091.json index b68e1c9e273..8a54cbb2e32 100644 --- a/2006/7xxx/CVE-2006-7091.json +++ b/2006/7xxx/CVE-2006-7091.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20486" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2104.json b/2010/2xxx/CVE-2010-2104.json index 75fc441a32e..3767b53b994 100644 --- a/2010/2xxx/CVE-2010-2104.json +++ b/2010/2xxx/CVE-2010-2104.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100519 Secunia Research: Orbit Downloader metalink \"name\" Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511348/100/100/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-73/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-73/" - }, - { - "name" : "39527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 
allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2010-73/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-73/" + }, + { + "name": "39527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39527" + }, + { + "name": "20100519 Secunia Research: Orbit Downloader metalink \"name\" Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511348/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2206.json b/2010/2xxx/CVE-2010-2206.json index b3cd2b10693..a8b4bffad7d 100644 --- a/2010/2xxx/CVE-2010-2206.json +++ b/2010/2xxx/CVE-2010-2206.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100630 Secunia Research: Adobe Reader GIF Image Parsing Array-Indexing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512092/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-88/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-88/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html" - }, - { - "name" : "41241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41241" - }, - { - 
"name" : "oval:org.mitre.oval:def:7200", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200" - }, - { - "name" : "1024159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024159" - }, - { - "name" : "ADV-2010-1636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1636" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html" + }, + { + "name": "20100630 Secunia Research: Adobe Reader GIF Image Parsing Array-Indexing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512092/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2010-88/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-88/" + }, + { + "name": "oval:org.mitre.oval:def:7200", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200" + }, + { + "name": "1024159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024159" + }, + { + 
"name": "41241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41241" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2376.json b/2010/2xxx/CVE-2010-2376.json index 31110d679e7..666efe11eb7 100644 --- a/2010/2xxx/CVE-2010-2376.json +++ b/2010/2xxx/CVE-2010-2376.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2432.json b/2010/2xxx/CVE-2010-2432.json index e6278e4dc52..cca01145b82 100644 --- a/2010/2xxx/CVE-2010-2432.json +++ b/2010/2xxx/CVE-2010-2432.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cups.org/articles.php?L596", - "refsource" : "CONFIRM", - "url" : "http://cups.org/articles.php?L596" - }, - { - "name" : "http://cups.org/str.php?L3518", - "refsource" : "CONFIRM", - "url" : "http://cups.org/str.php?L3518" - }, - { - "name" : "DSA-2176", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2176" - }, - { - "name" : "GLSA-201207-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201207-10.xml" - }, - { - "name" : "MDVSA-2011:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146" - }, - { - "name" : "43521", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43521" - }, - { - "name" : "ADV-2011-0535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cups.org/str.php?L3518", + "refsource": "CONFIRM", + "url": "http://cups.org/str.php?L3518" + }, + { + "name": "http://cups.org/articles.php?L596", + "refsource": "CONFIRM", + "url": "http://cups.org/articles.php?L596" + }, + { + "name": "DSA-2176", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2176" + }, + { + "name": "GLSA-201207-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201207-10.xml" + }, + { + "name": "MDVSA-2011:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146" + }, + { + "name": "ADV-2011-0535", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0535" + }, + { + "name": "43521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43521" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2517.json b/2010/2xxx/CVE-2010-2517.json index 7686aab400a..aba6a9bd7e2 100644 --- a/2010/2xxx/CVE-2010-2517.json +++ b/2010/2xxx/CVE-2010-2517.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM07157", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157" - }, - { - "name" : "41205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41205" - }, - { - "name" : "40341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40341" - }, - { - "name" : "ADV-2010-1615", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40341" + }, + { + "name": "ADV-2010-1615", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1615" + }, + { + "name": "41205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41205" + }, + { + "name": "PM07157", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3153.json b/2010/3xxx/CVE-2010-3153.json index 42769cc8faa..c79bb3fc41a 100644 --- a/2010/3xxx/CVE-2010-3153.json +++ b/2010/3xxx/CVE-2010-3153.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100825 Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513340/100/0/threaded" - }, - { - "name" : "14775", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14775/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-24.html" - }, - { - "name" : "1024612", - "refsource" : "SECTRACK", - "url" 
: "http://www.securitytracker.com/id?1024612" - }, - { - "name" : "41126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-24.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-24.html" + }, + { + "name": "41126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41126" + }, + { + "name": "1024612", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024612" + }, + { + "name": "20100825 Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513340/100/0/threaded" + }, + { + "name": "14775", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14775/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3227.json b/2010/3xxx/CVE-2010-3227.json index d5584dfcd30..c89f1fec29f 100644 --- a/2010/3xxx/CVE-2010-3227.json +++ b/2010/3xxx/CVE-2010-3227.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka \"Windows MFC Document Title Updating Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13921", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13921/" - }, - { - "name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)", - "refsource" : "MISC", - "url" : 
"http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)" - }, - { - "name" : "MS10-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-074" - }, - { - "name" : "oval:org.mitre.oval:def:6696", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6696" - }, - { - "name" : "1024557", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka \"Windows MFC Document Title Updating Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024557", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024557" + }, + { + "name": "oval:org.mitre.oval:def:6696", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6696" + }, + { + "name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)", + "refsource": "MISC", + "url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)" + 
}, + { + "name": "13921", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13921/" + }, + { + "name": "MS10-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-074" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0015.json b/2011/0xxx/CVE-2011-0015.json index 172e6a48848..5fa5c8003b1 100644 --- a/2011/0xxx/CVE-2011-0015.json +++ b/2011/0xxx/CVE-2011-0015.json 
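Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secure@microsoft.com`, and it is the only semantic change in an 82-line hunk that otherwise rewrites every line for `" : "` to `": "` spacing and reorders the `reference_data` entries. A field that attributes the record to a CNA is provenance data, so unless the commit message already calls it out, it belongs in its own commit where it can be checked against the CNA's records instead of being found by hand-diffing a reformat. The same applies to the CVE-2011-0015 hunk, which sets `"ASSIGNER": "secalert@redhat.com"`. The new reference order follows no sort key visible here, so if the serializer's ordering is not stable, later regenerations will presumably produce the same churn; emitting `reference_data` in a fixed order would keep future diffs down to real changes.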
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Jan-2011/msg00000.html" - }, - { - "name" : "[oss-security] 20110118 Re: CVE request: tor", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/18/7" - }, - { - "name" : "http://blog.torproject.org/blog/tor-02129-released-security-patches", - "refsource" : "CONFIRM", - "url" : "http://blog.torproject.org/blog/tor-02129-released-security-patches" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog", - "refsource" : "CONFIRM", - "url" : 
"https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/2324", - "refsource" : "CONFIRM", - "url" : "https://trac.torproject.org/projects/tor/ticket/2324" - }, - { - "name" : "DSA-2148", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2148" - }, - { - "name" : "45832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45832" - }, - { - "name" : "1024980", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024980" - }, - { - "name" : "42907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42907" - }, - { - "name" : "42905", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42905" - }, - { - "name" : "ADV-2011-0131", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0131" - }, - { - "name" : "ADV-2011-0132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Jan-2011/msg00000.html" + }, + { + "name": "ADV-2011-0131", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0131" + }, + { + "name": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog" + }, + { + "name": "https://trac.torproject.org/projects/tor/ticket/2324", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/2324" + }, + { + "name": "42907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42907" + }, + { + "name": "http://blog.torproject.org/blog/tor-02129-released-security-patches", + "refsource": "CONFIRM", + "url": "http://blog.torproject.org/blog/tor-02129-released-security-patches" + }, + { + "name": "1024980", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024980" + }, + { + "name": "ADV-2011-0132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0132" + }, + { + "name": "DSA-2148", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2148" + }, + { + "name": "42905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42905" + }, + { + "name": "[oss-security] 20110118 Re: CVE request: tor", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/18/7" + }, + { + "name": "45832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45832" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0444.json b/2011/0xxx/CVE-2011-0444.json index b99cdce6758..5eeba7eb329 100644 --- a/2011/0xxx/CVE-2011-0444.json +++ b/2011/0xxx/CVE-2011-0444.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-01.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-02.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530" - }, - { - "name" : "FEDORA-2011-0450", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053650.html" - }, - { - "name" : "FEDORA-2011-0460", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html" - }, - { - "name" : "MDVSA-2011:007", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:007" - }, - { - "name" : "RHSA-2011:0369", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0369.html" - }, - { - "name" : "45775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45775" - }, - { - "name" : "70403", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70403" - }, - { - "name" : "oval:org.mitre.oval:def:14283", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14283" - }, - { - "name" : "43175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43175" - }, - { - "name" : "ADV-2011-0079", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0079" - }, - { - "name" : "ADV-2011-0104", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0104" - }, - { - "name" : "ADV-2011-0270", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0270" - }, - { - "name" : "ADV-2011-0719", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0719" - }, - { - "name" : "wireshark-maclte-bo(64624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the MAC-LTE dissector 
(epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43175" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-01.html" + }, + { + "name": "MDVSA-2011:007", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:007" + }, + { + "name": "ADV-2011-0270", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0270" + }, + { + "name": "45775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45775" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-02.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-02.html" + }, + { + "name": "wireshark-maclte-bo(64624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64624" + }, + { + "name": "ADV-2011-0719", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0719" + }, + { + "name": "FEDORA-2011-0450", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053650.html" + }, + { + "name": "ADV-2011-0079", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0079" + }, + { + "name": "FEDORA-2011-0460", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html" + }, + { + "name": "ADV-2011-0104", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0104" + }, + { + "name": "RHSA-2011:0369", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0369.html" + }, + { + "name": "oval:org.mitre.oval:def:14283", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14283" + }, + { + "name": "70403", + "refsource": "OSVDB", + "url": "http://osvdb.org/70403" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0990.json b/2011/0xxx/CVE-2011-0990.json index db8940c666a..e2d6dcabd85 100644 --- a/2011/0xxx/CVE-2011-0990.json +++ b/2011/0xxx/CVE-2011-0990.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update", - "refsource" : "MLIST", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html" - }, - { - "name" : "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/06/14" - }, - { - "name" : "http://www.mono-project.com/Vulnerabilities", - "refsource" : "CONFIRM", - 
"url" : "http://www.mono-project.com/Vulnerabilities" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=667077", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=667077" - }, - { - "name" : "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c", - "refsource" : "CONFIRM", - "url" : "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c" - }, - { - "name" : "47208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47208" - }, - { - "name" : "44002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44002" - }, - { - "name" : "44076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44076" - }, - { - "name" : "ADV-2011-0904", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0904" - }, - { - "name" : "momo-arraycopy-security-bypass(66625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077" + }, + { + "name": "47208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47208" + }, + { + "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/06/14" + }, + { + "name": "44002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44002" + }, + { + "name": "http://www.mono-project.com/Vulnerabilities", + "refsource": "CONFIRM", + "url": "http://www.mono-project.com/Vulnerabilities" + }, + { + "name": "44076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44076" + }, + { + "name": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c", + "refsource": "CONFIRM", + "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c" + }, + { + "name": "momo-arraycopy-security-bypass(66625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625" + }, + { + "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update", + "refsource": "MLIST", + "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html" + }, + { + "name": "ADV-2011-0904", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0904" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1396.json b/2011/1xxx/CVE-2011-1396.json index 7056a608c3b..65fad3f0316 100644 --- a/2011/1xxx/CVE-2011-1396.json +++ b/2011/1xxx/CVE-2011-1396.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21584666", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21584666" - }, - { - "name" : "IV09190", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190" - }, - { - "name" : "52333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52333" - }, - { - "name" : "48299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48299" - }, - { - "name" : "maximo-reporttype-xss(71999)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV09190", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" + }, + { + "name": "48299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48299" + }, + { + "name": "maximo-reporttype-xss(71999)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999" + }, + { + "name": "52333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52333" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1437.json b/2011/1xxx/CVE-2011-1437.json index 1b6607e4369..7944e6791bb 100644 --- a/2011/1xxx/CVE-2011-1437.json +++ b/2011/1xxx/CVE-2011-1437.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=73526", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=73526" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14601", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14601" - }, - { - "name" : "chrome-float-code-execution(67144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67144" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=73526", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=73526" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14601", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14601" + }, + { + "name": "chrome-float-code-execution(67144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67144" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1522.json b/2011/1xxx/CVE-2011-1522.json index 6b960f7e2cc..f2a54a71bc0 100644 --- a/2011/1xxx/CVE-2011-1522.json +++ b/2011/1xxx/CVE-2011-1522.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Doctrine\\DBAL\\Platforms\\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110325 CVE Request -- php-doctrine-Doctrine -- SQL injection flaw", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/25/2" - }, - { - "name" : "[oss-security] 20110328 Re: CVE Request -- php-doctrine-Doctrine -- SQL injection flaw", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/28/3" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674" - }, - { - "name" : "http://www.doctrine-project.org/blog/doctrine-security-fix", - "refsource" : "CONFIRM", - "url" : 
"http://www.doctrine-project.org/blog/doctrine-security-fix" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=689396", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=689396" - }, - { - "name" : "DSA-2223", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2223" - }, - { - "name" : "47034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Doctrine\\DBAL\\Platforms\\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110328 Re: CVE Request -- php-doctrine-Doctrine -- SQL injection flaw", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/28/3" + }, + { + "name": "47034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47034" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674" + }, + { + "name": "DSA-2223", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2223" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=689396", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689396" + }, + { + "name": "[oss-security] 20110325 CVE Request -- php-doctrine-Doctrine -- SQL injection flaw", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/25/2" + }, + { + 
"name": "http://www.doctrine-project.org/blog/doctrine-security-fix", + "refsource": "CONFIRM", + "url": "http://www.doctrine-project.org/blog/doctrine-security-fix" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1668.json b/2011/1xxx/CVE-2011-1668.json index aa09adf12bc..40ddadcbb04 100644 --- a/2011/1xxx/CVE-2011-1668.json +++ b/2011/1xxx/CVE-2011-1668.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110401 AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517294/100/0/threaded" - }, - { - "name" : "http://secpod.org/advisories/SECPOD_AWCM_XSS.txt", - "refsource" : "MISC", - "url" : "http://secpod.org/advisories/SECPOD_AWCM_XSS.txt" - }, - { - "name" : "47126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47126" - }, - { - "name" : "8193", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8193" - }, - { - "name" : "arwebcontentmanager-search-xss(66536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66536" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secpod.org/advisories/SECPOD_AWCM_XSS.txt", + "refsource": "MISC", + "url": "http://secpod.org/advisories/SECPOD_AWCM_XSS.txt" + }, + { + "name": "arwebcontentmanager-search-xss(66536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66536" + }, + { + "name": "47126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47126" + }, + { + "name": "8193", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8193" + }, + { + "name": "20110401 AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517294/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5019.json b/2011/5xxx/CVE-2011-5019.json index 9c7db089bb8..f794bd71893 100644 --- a/2011/5xxx/CVE-2011-5019.json +++ b/2011/5xxx/CVE-2011-5019.json 
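Review bot: The `reference_data` entries in this hunk come back in a different order (the BUGTRAQ entry moves from first to last, the XF entry from last to second) although no `name`, `refsource` or `url` value changes, and the new order follows no visible sort key. Combined with the `" : "` to `": "` respacing, every line of the record differs, so a reader cannot separate a content change from serializer noise. The CVE-2011-1522 hunk before this one and the CVE-2011-5019, CVE-2014-3580, CVE-2014-3600, CVE-2014-6185, CVE-2014-7118, CVE-2014-7889 and CVE-2014-8394 hunks after it show the same reshuffle. Emitting the array in input order, or in one fixed order such as by `url`, would keep later diffs limited to real changes. The new side also ends with `\ No newline at end of file`, so the trailing newline the old file had is lost.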
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120103 TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0018.html" - }, - { - "name" : "51254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51254" - }, - { - "name" : "textpattern-ddb-xss(72102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, 
when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51254" + }, + { + "name": "20120103 TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0018.html" + }, + { + "name": "textpattern-ddb-xss(72102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72102" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5119.json b/2011/5xxx/CVE-2011-5119.json index 92913f3403a..a57ca6180fa 100644 --- a/2011/5xxx/CVE-2011-5119.json +++ b/2011/5xxx/CVE-2011-5119.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://personalfirewall.comodo.com/release_notes.html", - "refsource" : "CONFIRM", - "url" : "http://personalfirewall.comodo.com/release_notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://personalfirewall.comodo.com/release_notes.html", + "refsource": "CONFIRM", + "url": "http://personalfirewall.comodo.com/release_notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3098.json b/2014/3xxx/CVE-2014-3098.json index a0dec03d0dd..9eac4ba52b7 100644 --- a/2014/3xxx/CVE-2014-3098.json +++ b/2014/3xxx/CVE-2014-3098.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3098", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3098", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3458.json b/2014/3xxx/CVE-2014-3458.json index 6c53da86d09..9f1f33d16b9 100644 --- a/2014/3xxx/CVE-2014-3458.json +++ b/2014/3xxx/CVE-2014-3458.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3458", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3458", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3580.json b/2014/3xxx/CVE-2014-3580.json index 04e117db798..4ee2e1c43e3 100644 --- a/2014/3xxx/CVE-2014-3580.json +++ b/2014/3xxx/CVE-2014-3580.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt" - }, - { - "name" : "https://support.apple.com/HT204427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204427" - }, - { - "name" : "APPLE-SA-2015-03-09-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html" - }, - { - "name" : "DSA-3107", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3107" - }, - { - "name" : "RHSA-2015:0165", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2015-0165.html" - }, - { - "name" : "RHSA-2015:0166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0166.html" - }, - { - "name" : "USN-2721-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2721-1" - }, - { - "name" : "71726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71726" - }, - { - "name" : "61131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3107", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3107" + }, + { + "name": "RHSA-2015:0166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html" + }, + { + "name": "https://support.apple.com/HT204427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204427" + }, + { + "name": "71726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71726" + }, + { + "name": "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt" + }, + { + "name": "APPLE-SA-2015-03-09-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html" + }, + { + "name": "RHSA-2015:0165", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2015-0165.html" + }, + { + "name": "61131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61131" + }, + { + "name": "USN-2721-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2721-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3600.json b/2014/3xxx/CVE-2014-3600.json index 9a957715b1b..b53b277ad4a 100644 --- a/2014/3xxx/CVE-2014-3600.json +++ b/2014/3xxx/CVE-2014-3600.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/427" - }, - { - "name" : "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt", - "refsource" : "CONFIRM", - "url" : "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt" - }, - { - "name" : "https://issues.apache.org/jira/browse/AMQ-5333", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/AMQ-5333" - }, - { - "name" : "72510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72510" - }, - { - "name" : 
"apache-activemq-cve20143600-info-disc(100722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/427" + }, + { + "name": "72510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72510" + }, + { + "name": "apache-activemq-cve20143600-info-disc(100722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100722" + }, + { + "name": "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt", + "refsource": "CONFIRM", + "url": "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt" + }, + { + "name": "https://issues.apache.org/jira/browse/AMQ-5333", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/AMQ-5333" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6185.json b/2014/6xxx/CVE-2014-6185.json index 2e31c9500f4..f299cfa3008 100644 --- a/2014/6xxx/CVE-2014-6185.json +++ b/2014/6xxx/CVE-2014-6185.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695715", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695715" - }, - { - "name" : "IT05713", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713" - }, - { - "name" : "ibm-tsm-cve20146185-dso(98521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 
before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-tsm-cve20146185-dso(98521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715" + }, + { + "name": "IT05713", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7118.json b/2014/7xxx/CVE-2014-7118.json index 31c6dabd4a8..63f29970ee1 100644 --- a/2014/7xxx/CVE-2014-7118.json +++ b/2014/7xxx/CVE-2014-7118.json 
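Review bot: `ASSIGNER` changes from `cve@mitre.org` to `psirt@us.ibm.com` at the top of this hunk, and it is the only value in the record that changes; every other line differs only in spacing or position. A consumer that uses `ASSIGNER` for CNA attribution or for provenance checks on the record will see a different source for a 2014 entry, and nothing in the hunk says why. The same kind of change appears in the CVE-2014-3580 and CVE-2014-3600 hunks (`secalert@redhat.com`), in CVE-2014-7118 (`cert@cert.org`) and in CVE-2014-7889 (`hp-security-alert@hp.com`). Lines such as `"ASSIGNER": "psirt@us.ibm.com",` belong in a commit of their own, separate from the reformat, so the provenance change can be audited.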
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Itography Item Hunt (aka com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#141793", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/141793" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Itography Item Hunt (aka 
com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#141793", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/141793" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7889.json b/2014/7xxx/CVE-2014-7889.json index 164039dbe6c..04355f9a237 100644 --- a/2014/7xxx/CVE-2014-7889.json +++ b/2014/7xxx/CVE-2014-7889.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-7889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF03279", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" - }, - { - "name" : "SSRT101695", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" - }, - { - "name" : "1031840", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101695", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" + }, + { + "name": "1031840", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031840" + }, + { + "name": "HPSBHF03279", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8394.json b/2014/8xxx/CVE-2014-8394.json index c1d41979ad8..b1459738c04 100644 --- a/2014/8xxx/CVE-2014-8394.json +++ b/2014/8xxx/CVE-2014-8394.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150112 Corel Software DLL Hijacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534452/100/0/threaded" - }, - { - "name" : "20150112 Corel Software DLL Hijacking", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/33" - }, - { - "name" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking" - }, - { - "name" : "72004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150112 Corel Software DLL Hijacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534452/100/0/threaded" + }, + { + "name": "72004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72004" + }, + { + "name": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking" + }, + { + "name": "20150112 Corel Software DLL Hijacking", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/33" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8420.json b/2014/8xxx/CVE-2014-8420.json index 76920d2e7e0..a563af1b42b 100644 --- a/2014/8xxx/CVE-2014-8420.json +++ b/2014/8xxx/CVE-2014-8420.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-385/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-385/" - }, - { - "name" : "https://support.software.dell.com/product-notification/136814", - "refsource" : "CONFIRM", - "url" : "https://support.software.dell.com/product-notification/136814" - }, - { - "name" : "71241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71241" - }, - { - "name" : "dell-sonicwall-cve20148420-code-exec(98911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.software.dell.com/product-notification/136814", + "refsource": "CONFIRM", + "url": "https://support.software.dell.com/product-notification/136814" + }, + { + "name": "dell-sonicwall-cve20148420-code-exec(98911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/" + }, + { + "name": "71241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71241" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8425.json b/2014/8xxx/CVE-2014-8425.json index 75aa440e84d..c11c8c375df 100644 --- a/2014/8xxx/CVE-2014-8425.json +++ b/2014/8xxx/CVE-2014-8425.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-387/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-387/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-387/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-387/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2473.json b/2016/2xxx/CVE-2016-2473.json index f33102c17f8..351b934f398 100644 --- a/2016/2xxx/CVE-2016-2473.json +++ b/2016/2xxx/CVE-2016-2473.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2528.json b/2016/2xxx/CVE-2016-2528.json index dc94050b29b..a2adc71aa74 100644 --- a/2016/2xxx/CVE-2016-2528.json +++ b/2016/2xxx/CVE-2016-2528.json 
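Review bot: The one data change in this hunk, `"ASSIGNER": "security@android.com"` replacing `cve@mitre.org`, is hard to spot because the same hunk rewrites all 62 lines for colon spacing (`"ID" : ` becomes `"ID": `) and leaves the file without a final newline (`\ No newline at end of file`). ASSIGNER identifies who assigned the CVE ID, so a change to it should be reviewable on its own; I would land the whitespace normalisation as a separate formatting-only commit and keep the trailing newline. The same pattern appears in the hunks for CVE-2014-7889 (`hp-security-alert@hp.com`), CVE-2016-2550 (`security@debian.org`) and CVE-2017-1001001 (`josh@bress.net`). In the hunks with several references, the `reference_data` entries are also reordered with no change in content, which adds further noise.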
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-08.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312" - }, - { - "name" : 
"GLSA-201604-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-05" - }, - { - "name" : "1035118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-08.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-08.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984" + }, + { + "name": "GLSA-201604-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-05" + }, + { + "name": "1035118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035118" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2550.json b/2016/2xxx/CVE-2016-2550.json index 00e080e263d..90c005b86ff 100644 --- a/2016/2xxx/CVE-2016-2550.json +++ b/2016/2xxx/CVE-2016-2550.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-2550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160223 CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/23/2" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311517", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311517" - }, - { - "name" : "https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "DSA-3503", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3503" - }, - { - "name" : "USN-2946-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2946-1" - }, - { - "name" : "USN-2946-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2946-2" - }, - { - "name" : "USN-2947-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2947-1" - }, - { - "name" : "USN-2947-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2947-2" - }, - { - "name" : "USN-2947-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2947-3" - }, - { - "name" : "USN-2948-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2948-1" - }, - { - "name" : "USN-2948-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2948-2" - }, - { - "name" : "USN-2949-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2949-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311517", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311517" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "USN-2949-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2949-1" + }, + { + "name": "[oss-security] 20160223 CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/23/2" + }, + { + "name": "DSA-3503", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3503" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6" + }, + { + "name": "USN-2947-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2947-3" + }, + { + "name": "USN-2947-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2947-2" + }, + { + "name": "USN-2947-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2947-1" + }, + { + "name": "USN-2946-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2946-2" + }, + { + "name": "USN-2948-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2948-1" + }, + { + "name": "USN-2946-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-2946-1" + }, + { + "name": "USN-2948-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2948-2" + }, + { + "name": "https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2775.json b/2016/2xxx/CVE-2016-2775.json index 5fbecc64f7f..e74144a611d 100644 --- a/2016/2xxx/CVE-2016-2775.json +++ b/2016/2xxx/CVE-2016-2775.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/article/AA-01393/74/CVE-2016-2775", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01393/74/CVE-2016-2775" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107" - }, - { - "name" : "https://kb.isc.org/article/AA-01438", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01438" - }, - { - "name" : "https://kb.isc.org/article/AA-01435", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01435" - }, - 
{ - "name" : "https://kb.isc.org/article/AA-01436", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01436" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160722-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160722-0002/" - }, - { - "name" : "FEDORA-2016-007efacd1c", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7T2WJP5ELO4ZRSBXSETIZ3GAO6KOEFTA/" - }, - { - "name" : "FEDORA-2016-53f0c65f40", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ5STNEUHBNEPUHJT7CYEVSMATFYMIX7/" - }, - { - "name" : "FEDORA-2016-2941b3264e", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZUCSMEOZIZ2R2SKA4FPLTOVZHJBAOWC/" - }, - { - "name" : "FEDORA-2016-3fba74e7f5", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TT754KDUJTKOASJODJX7FKHCOQ6EC7UX/" - }, - { - "name" : "GLSA-201610-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-07" - }, - { - "name" : "RHBA-2017:0651", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2017:0651" - }, - { - "name" : "RHBA-2017:1767", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2017:1767" - }, - { - "name" : "RHSA-2017:2533", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2533" - }, - { - "name" : "92037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92037" - }, - { - "name" : "1036360", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-53f0c65f40", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ5STNEUHBNEPUHJT7CYEVSMATFYMIX7/" + }, + { + "name": "https://kb.isc.org/article/AA-01438", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01438" + }, + { + "name": "RHBA-2017:1767", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2017:1767" + }, + { + "name": "FEDORA-2016-3fba74e7f5", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TT754KDUJTKOASJODJX7FKHCOQ6EC7UX/" + }, + { + "name": "92037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92037" + }, + { + "name": "GLSA-201610-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-07" + }, + { + "name": "https://kb.isc.org/article/AA-01435", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01435" + }, + { + "name": "RHBA-2017:0651", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2017:0651" + }, + { + "name": "FEDORA-2016-2941b3264e", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZUCSMEOZIZ2R2SKA4FPLTOVZHJBAOWC/" + }, + { + "name": "https://kb.isc.org/article/AA-01393/74/CVE-2016-2775", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01393/74/CVE-2016-2775" + }, + { + 
"name": "1036360", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036360" + }, + { + "name": "FEDORA-2016-007efacd1c", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7T2WJP5ELO4ZRSBXSETIZ3GAO6KOEFTA/" + }, + { + "name": "RHSA-2017:2533", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2533" + }, + { + "name": "https://kb.isc.org/article/AA-01436", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01436" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160722-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160722-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6259.json b/2016/6xxx/CVE-2016-6259.json index 547439cd649..7533eb3f300 100644 --- a/2016/6xxx/CVE-2016-6259.json +++ b/2016/6xxx/CVE-2016-6259.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX214954", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX214954" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-183.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-183.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa183-4.6.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa183-4.6.patch" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa183-unstable.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa183-unstable.patch" - }, - { - "name" : "92130", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/92130" - }, - { - "name" : "1036447", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92130" + }, + { + "name": "http://support.citrix.com/article/CTX214954", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX214954" + }, + { + "name": "1036447", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036447" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa183-unstable.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa183-unstable.patch" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-183.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-183.html" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa183-4.6.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa183-4.6.patch" + } + ] + } +} \ No newline at end of file diff --git a/2017/1001xxx/CVE-2017-1001001.json b/2017/1001xxx/CVE-2017-1001001.json index 6f9834f2885..b448bd546d4 100644 --- a/2017/1001xxx/CVE-2017-1001001.json +++ b/2017/1001xxx/CVE-2017-1001001.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
- "ID" : "CVE-2017-1001001",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "PluXml",
- "version" : {
- "version_data" : [
- {
- "version_value" : "before 5.6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "PluXml"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "XSS"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "josh@bress.net",
+ "ID": "CVE-2017-1001001",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PluXml",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 5.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "PluXml"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/pluxml/PluXml/issues/253",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/pluxml/PluXml/issues/253"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/pluxml/PluXml/issues/253",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/pluxml/PluXml/issues/253"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/18xxx/CVE-2017-18123.json b/2017/18xxx/CVE-2017-18123.json
index 43fd53d80c5..279370f6c00 100644
--- a/2017/18xxx/CVE-2017-18123.json
+++ b/2017/18xxx/CVE-2017-18123.json
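Review bot: The `ASSIGNER` value in the CVE-2017-1001001 hunk changes from `cve-assign@distributedweaknessfiling.org` to `josh@bress.net`, while every other changed line in the hunk only alters colon spacing and indentation. An organisational contact replaced by what looks like a personal address is a provenance change that is easy to miss inside a formatting pass. It should be confirmed against the assigning CNA's record, or the new side should keep `"ASSIGNER": "cve-assign@distributedweaknessfiling.org",` until the reassignment is made in a commit of its own. The new side also ends with `\ No newline at end of file`, as do the other file sections in this diff, so the trailing newline the old files presumably had is dropped.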
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180204 [SECURITY] [DLA 1269-1] dokuwiki security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html" - }, - { - "name" : "[debian-lts-announce] 20180705 [SECURITY] [DLA 1413-1] dokuwiki security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html" - }, - { - "name" : "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86", - "refsource" : "MISC", - "url" : "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86" - }, - { - "name" : "https://github.com/splitbrain/dokuwiki/issues/2029", - 
"refsource" : "MISC", - "url" : "https://github.com/splitbrain/dokuwiki/issues/2029" - }, - { - "name" : "https://github.com/splitbrain/dokuwiki/pull/2019", - "refsource" : "MISC", - "url" : "https://github.com/splitbrain/dokuwiki/pull/2019" - }, - { - "name" : "https://hackerone.com/reports/238316", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/238316" - }, - { - "name" : "https://vulnhive.com/2018/000004", - "refsource" : "MISC", - "url" : "https://vulnhive.com/2018/000004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/splitbrain/dokuwiki/pull/2019", + "refsource": "MISC", + "url": "https://github.com/splitbrain/dokuwiki/pull/2019" + }, + { + "name": "https://vulnhive.com/2018/000004", + "refsource": "MISC", + "url": "https://vulnhive.com/2018/000004" + }, + { + "name": "[debian-lts-announce] 20180204 [SECURITY] [DLA 1269-1] dokuwiki security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html" + }, + { + "name": "[debian-lts-announce] 20180705 [SECURITY] [DLA 1413-1] dokuwiki security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html" + }, + { + "name": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86", + "refsource": "MISC", + "url": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86" + }, + { + "name": 
"https://hackerone.com/reports/238316", + "refsource": "MISC", + "url": "https://hackerone.com/reports/238316" + }, + { + "name": "https://github.com/splitbrain/dokuwiki/issues/2029", + "refsource": "MISC", + "url": "https://github.com/splitbrain/dokuwiki/issues/2029" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18137.json b/2017/18xxx/CVE-2017-18137.json index c844fae65ce..47d3c321ee6 100644 --- a/2017/18xxx/CVE-2017-18137.json +++ b/2017/18xxx/CVE-2017-18137.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835, while processing the IPv6 pdp address of the pdp context, a buffer overflow can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835, while processing the IPv6 pdp address of the pdp context, a buffer overflow can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18167.json b/2017/18xxx/CVE-2017-18167.json index 14207793a41..ba95a705e79 100644 --- a/2017/18xxx/CVE-2017-18167.json +++ b/2017/18xxx/CVE-2017-18167.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-18167",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-18167",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1150.json b/2017/1xxx/CVE-2017-1150.json
index 90a016da467..a6ab29c737f 100644
--- a/2017/1xxx/CVE-2017-1150.json
+++ b/2017/1xxx/CVE-2017-1150.json
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "10.1" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999515", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999515" - }, - { - "name" : "96597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96597" - }, - { - "name" : "1037946", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037946", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037946" + }, + { + "name": "96597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96597" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999515", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999515" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1458.json b/2017/1xxx/CVE-2017-1458.json index b1b18263f5f..ca8847bd602 100644 --- a/2017/1xxx/CVE-2017-1458.json +++ b/2017/1xxx/CVE-2017-1458.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-31T00:00:00", - "ID" : "CVE-2017-1458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QRadar Network Security", - "version" : { - "version_data" : [ - { - "version_value" : "5.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-31T00:00:00", + "ID": "CVE-2017-1458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar Network Security", + "version": { + "version_data": [ + { + "version_value": "5.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128377", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128377" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22007551", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22007551" - }, - { - "name" : "100638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22007551", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22007551" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128377", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128377" + }, + { + "name": "100638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100638" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1665.json b/2017/1xxx/CVE-2017-1665.json index 3eaecd45500..d4e42c73d54 100644 --- a/2017/1xxx/CVE-2017-1665.json +++ b/2017/1xxx/CVE-2017-1665.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2017-1665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.5" - }, - { - "version_value" : "2.6" - }, - { - "version_value" : "2.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2017-1665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.5" + }, + { + "version_value": "2.6" + }, + { + "version_value": "2.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012023", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012023" - }, - { - "name" : "DSA-4262", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012023", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012023" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559" + }, + { + "name": "DSA-4262", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4262" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5042.json b/2017/5xxx/CVE-2017-5042.json index 6f76a57cf7b..e3f62af4db0 100644 --- a/2017/5xxx/CVE-2017-5042.json +++ b/2017/5xxx/CVE-2017-5042.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/671932", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/671932" - }, - { - "name" : "DSA-3810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3810" - }, - { - "name" : "GLSA-201704-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-02" - }, - { - "name" : "RHSA-2017:0499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html" - }, - { - "name" : "96767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201704-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-02" + }, + { + "name": "https://crbug.com/671932", + "refsource": "CONFIRM", + "url": "https://crbug.com/671932" + }, + { + "name": "DSA-3810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3810" + }, + { + "name": "96767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96767" + }, + { + "name": "RHSA-2017:0499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5240.json b/2017/5xxx/CVE-2017-5240.json index 84757921bcd..3d52c1316eb 100644 --- a/2017/5xxx/CVE-2017-5240.json +++ b/2017/5xxx/CVE-2017-5240.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AppSpider Pro", - "version" : { - "version_data" : [ - { - "version_value" : "All version prior to 6.14.060" - } - ] - } - } - ] - }, - "vendor_name" : "Rapid7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AppSpider Pro", + "version": { + "version_data": [ + { + "version_value": "All version prior to 6.14.060" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/docs/DOC-3631", - "refsource" : "CONFIRM", - "url" : "https://community.rapid7.com/docs/DOC-3631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. 
A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/docs/DOC-3631", + "refsource": "CONFIRM", + "url": "https://community.rapid7.com/docs/DOC-3631" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5463.json b/2017/5xxx/CVE-2017-5463.json index 6d9661bace5..29da31ed70f 100644 --- a/2017/5xxx/CVE-2017-5463.json +++ b/2017/5xxx/CVE-2017-5463.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Addressbar spoofing through reader view on Firefox for Android" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Addressbar spoofing through reader view on Firefox for Android" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5706.json b/2017/5xxx/CVE-2017-5706.json index 691f4f704f8..7e8699d4470 100644 --- a/2017/5xxx/CVE-2017-5706.json +++ b/2017/5xxx/CVE-2017-5706.json 
@@ -1,103 +1,103 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@intel.com",
- "DATE_PUBLIC" : "2017-11-20T00:00:00",
- "ID" : "CVE-2017-5706",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Server Platform Services",
- "version" : {
- "version_data" : [
- {
- "version_value" : "4.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Intel Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Elevation of Privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@intel.com",
+ "DATE_PUBLIC": "2017-11-20T00:00:00",
+ "ID": "CVE-2017-5706",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Server Platform Services",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Intel Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://twitter.com/PTsecurity_UK/status/938447926128291842",
- "refsource" : "MISC",
- "url" : "https://twitter.com/PTsecurity_UK/status/938447926128291842"
- },
- {
- "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
- "refsource" : "CONFIRM",
- "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20171120-0001/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20171120-0001/"
- },
- {
- "name" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
- "refsource" : "CONFIRM",
- "url" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
- },
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us"
- },
- {
- "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
- "refsource" : "CONFIRM",
- "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
- },
- {
- "name" : "101906",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101906"
- },
- {
- "name" : "1039955",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039955"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "101906",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101906"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20171120-0001/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20171120-0001/"
+ },
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us"
+ },
+ {
+ "name": "1039955",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039955"
+ },
+ {
+ "name": "https://twitter.com/PTsecurity_UK/status/938447926128291842",
+ "refsource": "MISC",
+ "url": "https://twitter.com/PTsecurity_UK/status/938447926128291842"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
+ },
+ {
+ "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
+ "refsource": "CONFIRM",
+ "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
+ },
+ {
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
+ },
+ {
+ "name": "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
+ "refsource": "CONFIRM",
+ "url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5745.json b/2017/5xxx/CVE-2017-5745.json
index b996082a335..60f6fdaa706 100644
--- a/2017/5xxx/CVE-2017-5745.json
+++ b/2017/5xxx/CVE-2017-5745.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5745",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5745",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5990.json b/2017/5xxx/CVE-2017-5990.json
index 1113cce72ad..7ae4f56e619 100644
--- a/2017/5xxx/CVE-2017-5990.json
+++ b/2017/5xxx/CVE-2017-5990.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5990",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the \"form\" HTTP GET parameter passed to the \"PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php\" and \"PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php\" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge \"stable release\" (aka R37RC1)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5990",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c"
- },
- {
- "name" : "https://github.com/phreebooks/PhreeBooksERP/issues/230",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/phreebooks/PhreeBooksERP/issues/230"
- },
- {
- "name" : "96219",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96219"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the \"form\" HTTP GET parameter passed to the \"PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php\" and \"PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php\" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge \"stable release\" (aka R37RC1)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/phreebooks/PhreeBooksERP/issues/230",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/phreebooks/PhreeBooksERP/issues/230"
+ },
+ {
+ "name": "https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c"
+ },
+ {
+ "name": "96219",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96219"
+ }
+ ]
+ }
+}
\ No newline at end of file